CVE-2026-52926
Analyzed Analyzed - Analysis Complete

Memory Leak in Linux Kernel batman-adv Module

Vulnerability report for CVE-2026-52926, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadv_gw_node_free() removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup and can break a later mesh recreation. Clear bat_priv->gw.curr_gw before walking the gateway list so the selected gateway reference is dropped as part of teardown.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-08
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.92 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.34 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.11 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.142 (exc)
linux linux_kernel From 3.1 (inc) to 5.10.258 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's batman-adv component, which manages mesh networking gateways. During the teardown process of the mesh network, the function batadv_gw_node_free() removes entries from the gateway list but fails to clear the reference to the currently selected gateway. This results in stale gateway state remaining after cleanup, which can cause issues when the mesh network is recreated later.

Impact Analysis

The impact of this vulnerability is that stale gateway references remain after a mesh network teardown, potentially breaking the recreation of the mesh network. This could lead to network instability or failure in mesh networking environments that rely on batman-adv, affecting connectivity and network reliability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52926. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart