CVE-2026-52914
Received Received - Intake
Fragment Reassembly Length Bypass in Linux Kernel

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service. Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs. The fix was verified against the original reproducer and against valid fragment reassembly paths.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-24
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-52914
EUVD
EUVD-2026-38717
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
batman-adv batman-adv *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel component called batman-adv, which manages fragment reassembly of network packets.

Batman-adv keeps track of the total payload length of queued fragments to validate the fragment chain before reassembly.

However, the current method allows the accumulated fragment length to be truncated during updates, which means malformed fragment chains can bypass validation.

This leads to inconsistent length states during reassembly, causing a local denial of service.

The fix involves storing the accumulated length in a length-typed field and rejecting any update overflows before validation.

Impact Analysis

This vulnerability can lead to a local denial of service (DoS) on systems running the affected batman-adv component in the Linux kernel.

An attacker could exploit malformed fragment chains to bypass validation and cause the system to enter an inconsistent state during packet reassembly, potentially disrupting normal network operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart