CVE-2026-52919

NONE EPSS 1.9%
Published Jun 24, 20265d ago · Modified Jun 24, 20265d ago
Find Similar
Published Jun 24, 2026 5d ago
Last Modified Jun 24, 2026 5d ago

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tp_meter counter underflow during shutdown batadv_tp_sender_shutdown() unconditionally decrements the "sending" atomic counter. If multiple paths (e.g. timeout, user cancel, and normal finish) call this function, the counter can underflow to -1. Since the sender logic treats any non-zero value as "still sending", a negative value causes the sender kthread to loop indefinitely. This leads to a use-after-free when the interface is removed while the zombie thread is still active. Fix this by using atomic_xchg() to ensure the counter only transitions from 1 to 0 once. [sven: added missing change in batadv_tp_send]

Threat Intelligence

EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/01cefc5923889e29dbb5f281c3d457714ceb9c00
  • git.kernel.org https://git.kernel.org/stable/c/90ae3eae06b7b8ab9f6250b9497c860915b4c17b
  • git.kernel.org https://git.kernel.org/stable/c/94f3b133168d1c49895e7cc6afbcf1cc0b354602
  • git.kernel.org https://git.kernel.org/stable/c/abae88fa254f2981d39ac003a7b302528a22af64
  • git.kernel.org https://git.kernel.org/stable/c/aeae11c5dad9cd0d50723890bdd866f8e6db2e7d
  • git.kernel.org https://git.kernel.org/stable/c/c1bac194733aabd731aafa6a01350c229e187dba
  • git.kernel.org https://git.kernel.org/stable/c/c66d20a3ff095e3f000551d208ec2606616db15c
  • git.kernel.org https://git.kernel.org/stable/c/e75e2ab463b5b34df6b98f94d740aff327ce9f6b

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.