Linux Kernel Vulnerability in batman-adv Affects Counter Management
CVE-2026-52919

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52919?

In the Linux kernel, a vulnerability in batman-adv relates to improper management of the 'sending' atomic counter during shutdown operations. The function batadv_tp_sender_shutdown() decrements this counter unconditionally, which can lead to an underflow scenario, resulting in a negative value. When the sender logic interprets any non-zero value as 'still sending', this can cause the sender kthread to enter an infinite loop. As a consequence, a use-after-free issue may be triggered when the network interface is terminated while the zombie thread persists. The fix utilizes atomic_xchg() to accurately manage the counter’s transition from 1 to 0.

Affected Version(s)

Linux 33a3bb4a3345bb511f9c69c913da95d4693e2a4e

References

https://git.kernel.org/stable/c/e75e2ab463b5b34df6b98f94d...

https://git.kernel.org/stable/c/abae88fa254f2981d39ac003a...

https://git.kernel.org/stable/c/c66d20a3ff095e3f000551d20...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52919 Data

JSON