CVE-2026-52914
Analyzed Analyzed - Analysis Complete

Fragment Reassembly Length Bypass in Linux Kernel

Vulnerability report for CVE-2026-52914, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service. Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs. The fix was verified against the original reproducer and against valid fragment reassembly paths.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-08
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.92 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.34 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.11 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.142 (exc)
linux linux_kernel From 3.13 (inc) to 5.10.258 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel component called batman-adv, which manages fragment reassembly of network packets.

Batman-adv keeps track of the total payload length of queued fragments to validate the fragment chain before reassembly.

However, the current method allows the accumulated fragment length to be truncated during updates, which means malformed fragment chains can bypass validation.

This leads to inconsistent length states during reassembly, causing a local denial of service.

The fix involves storing the accumulated length in a length-typed field and rejecting any update overflows before validation.

Impact Analysis

This vulnerability can lead to a local denial of service (DoS) on systems running the affected batman-adv component in the Linux kernel.

An attacker could exploit malformed fragment chains to bypass validation and cause the system to enter an inconsistent state during packet reassembly, potentially disrupting normal network operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart