Linux Kernel Vulnerability in batman-adv Affecting Multiple Versions
CVE-2026-52922

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52922?

In the Linux kernel's batman-adv module, a vulnerability arises when the function batadv_dat_forward_data() attempts to duplicate a socket buffer (skb) for each Distributed Hash Table (DHT) candidate. If memory allocation fails during this duplication, the error is not handled appropriately, leading to a NULL pointer dereference when the function batadv_send_skb_prepare_unicast_4addr() is invoked with the faulty skb. This could potentially result in system instability or crashes due to the unguarded dereference.

Affected Version(s)

Linux 785ea1144182c341b8b85b0f8180291839d176a8 < 9bcebaedfb8479cb4affb23c7a0d000ca9a20e73

Linux 785ea1144182c341b8b85b0f8180291839d176a8 < 2edb8aeb3cdda9d00ec4997252dc5bcd6f54d8ef

Linux 785ea1144182c341b8b85b0f8180291839d176a8

References

https://git.kernel.org/stable/c/9bcebaedfb8479cb4affb23c7...

https://git.kernel.org/stable/c/2edb8aeb3cdda9d00ec499725...

https://git.kernel.org/stable/c/ce0c381199402a2c58f4599f4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52922 Data

JSON