Local Denial of Service Vulnerability in Linux Kernel batman-adv
CVE-2026-52914
What is CVE-2026-52914?
The batman-adv component of the Linux kernel contains a vulnerability that can be exploited to bypass fragment validation checks, leading to potential denial of service conditions. A flaw in payload length accounting lets malformed fragment chains be processed without proper validation: the accumulated length of queued fragments can be truncated during updates, which can enable an attacker to provoke inconsistent states during the reassembly process. Recent updates to batman-adv have addressed this issue by employing a new length-typed field for storage and implementing overflow protections to ensure reassembly only occurs with valid fragment lengths.
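The accounting flaw and its fix described above, modelled in user-space C as an added example; this is not the kernel's code. The struct and function names, the 16-bit accumulator width, the 1400-byte limit and the sample lengths are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define CHAIN_LIMIT 1400u  /* hypothetical reassembly limit, not a kernel value */
struct chain_narrow { uint16_t size; };  /* "before": assumed 16-bit accumulator */
struct chain_wide   { size_t size; };    /* "after": length-typed accumulator */

/* Constructed payload lengths, not captured traffic; the true sum is 66000. */
static const size_t SAMPLE[] = { 1000, 65000 };

/* Before: the sum is truncated on store, so the limit check sees 464, not 66000. */
static bool queue_narrow(struct chain_narrow *c, size_t len)
{
    c->size = (uint16_t)(c->size + len);
    return c->size <= CHAIN_LIMIT;
}

/* After: reject before adding; size stays <= CHAIN_LIMIT, so nothing wraps. */
static bool queue_wide(struct chain_wide *c, size_t len)
{
    if (len > CHAIN_LIMIT - c->size)
        return false;
    c->size += len;
    return true;
}

/* Replay lengths until one is rejected; return the bytes really accepted. */
size_t replay_narrow(const size_t *lens, size_t n)
{
    struct chain_narrow c = { 0 };
    size_t real = 0;
    for (size_t i = 0; i < n && queue_narrow(&c, lens[i]); i++)
        real += lens[i];
    return real;
}

size_t replay_wide(const size_t *lens, size_t n)
{
    struct chain_wide c = { 0 };
    size_t real = 0;
    for (size_t i = 0; i < n && queue_wide(&c, lens[i]); i++)
        real += lens[i];
    return real;
}

int main(void)
{
    return replay_narrow(SAMPLE, 2) == 66000 && replay_wide(SAMPLE, 2) == 1000 ? 0 : 1;
}
```

In the narrow model the chain holds 66000 real bytes while its accumulator reads 464, which is the inconsistent state the limit check was meant to prevent; the wide model stops at 1000 bytes.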
Affected Version(s)
Linux 610bfc6bc99bc83680d190ebc69359a05fc7f605
Linux 610bfc6bc99bc83680d190ebc69359a05fc7f605 < 37be61825b15534a16ff9cfc9546de155b6df982
Linux 610bfc6bc99bc83680d190ebc69359a05fc7f605 < 975563c5de1123dde1ec7946bf5556d20c89d74e