CVE-2026-52914

NONE EPSS 40.2%
Published Jun 24, 20265d ago · Modified Jun 24, 20265d ago
Find Similar
Published Jun 24, 2026 5d ago
Last Modified Jun 24, 2026 5d ago

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service. Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs. The fix was verified against the original reproducer and against valid fragment reassembly paths.

Threat Intelligence

EPSS Exploit Probability
40.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/37be61825b15534a16ff9cfc9546de155b6df982
  • git.kernel.org https://git.kernel.org/stable/c/3eb8bcb823391bd58997831b3c9c152a4ba8e255
  • git.kernel.org https://git.kernel.org/stable/c/975563c5de1123dde1ec7946bf5556d20c89d74e
  • git.kernel.org https://git.kernel.org/stable/c/9cd3f16c320bfdadd4509358122368deb56a5741
  • git.kernel.org https://git.kernel.org/stable/c/e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64
  • git.kernel.org https://git.kernel.org/stable/c/e910dbf509125fe51ad68e4fa74dc8ab0a8e787a
  • git.kernel.org https://git.kernel.org/stable/c/f653b040dad1af70fa5cd4fe085e4758925480c9
  • git.kernel.org https://git.kernel.org/stable/c/fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.