CVE-2026-52916

NONE EPSS 7.4%
Published Jun 24, 20265d ago · Modified Jun 24, 20265d ago
Find Similar
Published Jun 24, 2026 5d ago
Last Modified Jun 24, 2026 5d ago

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a BATADV_UNICAST_FRAG packet is received. Once all fragments are collected and the packet is reassembled, batadv_recv_frag_packet() calls batadv_batman_skb_recv() again to process the defragmented payload. A malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled payload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting). Each nesting level recurses through batadv_batman_skb_recv() without bound, growing the kernel stack until it is exhausted. Since refragmentation or fragments in fragments are not actually allowed, discard all packets which are still BATADV_UNICAST_FRAG packets after the defragmentation process.

Threat Intelligence

EPSS Exploit Probability
7.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0c208fa3859e3a33a1c38bebc41d021166e94ac8
  • git.kernel.org https://git.kernel.org/stable/c/5418be6c2e117bf8a316582795a8e3ff90f45e5d
  • git.kernel.org https://git.kernel.org/stable/c/5895ad21c7059a652da83fb817510f7a1e962abf
  • git.kernel.org https://git.kernel.org/stable/c/7138c35c9ad39a2fca6264af6b87466471f04ffc
  • git.kernel.org https://git.kernel.org/stable/c/aea54d0bbe156d5ab7d00d68f66149ff41f4612a
  • git.kernel.org https://git.kernel.org/stable/c/b54e459cf86943583c1aa2ee3081874e7ab1f5f3
  • git.kernel.org https://git.kernel.org/stable/c/bc62216dc8e221e3781afa14430f45208bfa9af9
  • git.kernel.org https://git.kernel.org/stable/c/bcda4814dc6524283c0b958882cb963d75fe411d

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.