Unicast Fragment Vulnerability in Linux Kernel by Linux Foundation
CVE-2026-52916

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52916?

A vulnerability in the Linux kernel's batman-adv component allows for a specially crafted BATADV_UNICAST_FRAG packet to cause recursive processing. This can lead to unbounded growth of the kernel stack when fragments are reassembled, effectively exhausting system resources. The vulnerability occurs when a malicious sender crafts a packet with nested BATADV_UNICAST_FRAG packets, leading to a denial of service. Proper handling mechanisms for fragment processing have been implemented to discard invalid packets and mitigate the exploitation risks.

Affected Version(s)

Linux 610bfc6bc99bc83680d190ebc69359a05fc7f605 < 0c208fa3859e3a33a1c38bebc41d021166e94ac8

Linux 610bfc6bc99bc83680d190ebc69359a05fc7f605

References

https://git.kernel.org/stable/c/0c208fa3859e3a33a1c38bebc...

https://git.kernel.org/stable/c/bcda4814dc6524283c0b95888...

https://git.kernel.org/stable/c/aea54d0bbe156d5ab7d00d68f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52916 Data

JSON