CVE-2026-43382
Deadlock Risk in batman-adv ELP Metric Worker
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved in the Linux kernel by modifying the batman-adv code to avoid deadlocks caused by double rtnl_lock calls.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's batman-adv component, specifically related to handling the RTNL lock during certain operations.
The function batadv_v_elp_get_throughput() might be called when the RTNL lock is already held, which can cause problems if a work queue item is cancelled using cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In such cases, attempting to acquire the RTNL lock again (rtnl_lock()) can lead to a deadlock.
To fix this, the code was changed to use rtnl_trylock() to avoid acquiring the lock if it is already held, skipping retrieval of ethtool information in that scenario. Additionally, for cfg80211 interfaces, the function batadv_get_real_netdev() was replaced with a lockless version (__batadv_get_real_netdev()) to prevent similar locking issues.
How can this vulnerability impact me? :
This vulnerability can cause a deadlock in the Linux kernel's batman-adv networking component when certain functions attempt to acquire the RTNL lock multiple times.
A deadlock can cause the affected system or network functionality to hang or become unresponsive, potentially disrupting network communication or services relying on batman-adv.