CVE-2026-52922
Analyzed Analyzed - Analysis Complete

batman-adv: DAT Forward Allocation Failure Handling

Vulnerability report for CVE-2026-52922, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-08
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.92 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.34 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.11 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.142 (exc)
linux linux_kernel From 3.8 (inc) to 5.10.258 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's batman-adv component, specifically in the dat module. The function batadv_dat_forward_data() attempts to duplicate a socket buffer (skb) for each DHT candidate by calling pskb_copy_for_clone(). However, it does not check if this duplication was successful before passing the skb to another function, batadv_send_skb_prepare_unicast_4addr(). Since this latter function dereferences the skb without verifying it is valid, a failed allocation results in a NULL pointer dereference, which can cause a crash or other unintended behavior.

Impact Analysis

The impact of this vulnerability is that it can cause a NULL pointer dereference in the Linux kernel, potentially leading to a kernel crash or denial of service. This can disrupt network functionality on systems using the batman-adv module, affecting system stability and availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52922. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart