Acknowledged
Created: Sep 21, 2025
Updated: Sep 23, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]batman-adv: fix OOB read/write in network-coding decode[EOL][EOL]batadv_nc_skb_decode_packet() trusts coded_len and checks only against[EOL]skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing[EOL]payload headroom, and the source skb length is not verified, allowing an[EOL]out-of-bounds read and a small out-of-bounds write.[EOL][EOL]Validate that coded_len fits within the payload area of both destination[EOL]and source sk_buffs before XORing.
