Kernel Vulnerability in Linux Affecting batman-adv Product
CVE-2026-52931

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52931?

An issue was identified in the Linux kernel within the batman-adv networking component, where the functions batadv_tp_recv_ack() and batadv_tp_stop() improperly handle uninitialized sender variables. This vulnerability may allow an attacker to exploit a receiver node in an active tp_meter session by sending a crafted ACK packet, resulting in undefined behavior. To mitigate this, a validation check on the tp_vars role should be implemented before accessing any sender-specific variables.

Affected Version(s)

Linux 33a3bb4a3345bb511f9c69c913da95d4693e2a4e < 0e388af04b3958b178a1b979527f93eb46ea1fee

Linux 33a3bb4a3345bb511f9c69c913da95d4693e2a4e < 1a21c055f66e78973712a4a1be2a554f1ee2e4f4

Linux 33a3bb4a3345bb511f9c69c913da95d4693e2a4e < 9884c9c02d3c90e9215db3c5128f59045d20ae91

References

https://git.kernel.org/stable/c/0e388af04b3958b178a1b9795...

https://git.kernel.org/stable/c/1a21c055f66e78973712a4a1b...

https://git.kernel.org/stable/c/9884c9c02d3c90e9215db3c51...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52931 Data

JSON