CVE-2026-43382
Analyzed Analyzed - Analysis Complete
Deadlock Risk in batman-adv ELP Metric Worker

Publication date: 2026-05-08

Last updated on: 2026-05-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnl_lock ELP metric worker batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock. To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held. But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-26
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43382
EUVD
EUVD-2026-28688
Affected Vendors & Products
Showing 17 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 6.14
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 6.14.1 (inc) to 6.18.19 (exc)
linux linux_kernel From 5.10.235 (inc) to 5.10.253 (exc)
linux linux_kernel From 5.15.179 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.4.291 (inc) to 5.5 (exc)
linux linux_kernel From 6.1.129 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.12.16 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.13.4 (inc) to 6.14 (exc)
linux linux_kernel From 6.6.79 (inc) to 6.6.130 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's batman-adv component, specifically related to handling the RTNL lock during certain operations.

The function batadv_v_elp_get_throughput() might be called when the RTNL lock is already held, which can cause problems if a work queue item is cancelled using cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In such cases, attempting to acquire the RTNL lock again (rtnl_lock()) can lead to a deadlock.

To fix this, the code was changed to use rtnl_trylock() to avoid acquiring the lock if it is already held, skipping retrieval of ethtool information in that scenario. Additionally, for cfg80211 interfaces, the function batadv_get_real_netdev() was replaced with a lockless version (__batadv_get_real_netdev()) to prevent similar locking issues.

Impact Analysis

This vulnerability can cause a deadlock in the Linux kernel's batman-adv networking component when certain functions attempt to acquire the RTNL lock multiple times.

A deadlock can cause the affected system or network functionality to hang or become unresponsive, potentially disrupting network communication or services relying on batman-adv.

Mitigation Strategies

The vulnerability has been resolved in the Linux kernel by modifying the batman-adv code to avoid deadlocks caused by double rtnl_lock calls.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43382. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart