Linux Kernel Vulnerability in Batman-adv affecting OGM Transmission
CVE-2026-52913

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52913?

A vulnerability in the Linux kernel's batman-adv module was identified where a disabled batadv_hard_iface results in a NULL mesh_iface pointer. Despite the interface being disabled, the function batadv_v_ogm_send_meshif() can still initiate OGM messages through batadv_v_ogm_queue_on_if(). This scenario may cause a system crash due to a NULL pointer dereference when attempting to access the now NULL hard_iface->mesh_iface, indicating a need for additional checks within the code to ensure the integrity of the mesh_iface is maintained before sending OGM messages.

Affected Version(s)

Linux 0da0035942d47766c32843143fb5dba7a29cb48c

Linux 0da0035942d47766c32843143fb5dba7a29cb48c < 70c9f6ab0d8f785087fb74fb85464a9a5288bfdb

Linux 0da0035942d47766c32843143fb5dba7a29cb48c < 040fe8eb34624002071dd21de9824dfe668ce65d

References

https://git.kernel.org/stable/c/d7391a2b854a62235539c68e9...

https://git.kernel.org/stable/c/70c9f6ab0d8f785087fb74fb8...

https://git.kernel.org/stable/c/040fe8eb34624002071dd21de...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52913 Data

JSON