Description
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: Avoid double-rtnl_lock ELP metric worker

batadv_v_elp_get_throughput() might be called when the RTNL lock is already
held. This could be problematic when the work queue item is cancelled via
cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case,
an rtnl_lock() would cause a deadlock.

To avoid this, rtnl_trylock() was used in this function to skip the
retrieval of the ethtool information in case the RTNL lock was already
held.

But for cfg80211 interfaces, batadv_get_real_netdev() was called - which
also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must
also be used instead and the lockless version __batadv_get_real_netdev()
has to be called.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The batadv_v_elp_get_throughput function in the batman-adv driver can be invoked while the RTNL lock is already held, which causes a deadlock when cancel_delayed_work_sync cancels the work queue item. The resulting lock contention stalls critical network stack operations, effectively denying network services. This vulnerability is a classic example of improper locking leading to a deadlock and race condition (CWE‑833 and CWE‑667).

Affected Systems

All Linux kernel releases that ship the batman‑adv driver prior to the fix are affected. The vendor is Linux, product the Linux kernel; no specific version range is provided, so any active batman‑adv installation that predates the commit 192f40ad8a7dac58dae9199a065dbf7e6e67b75b is vulnerable.

Risk and Exploitability

Explicit exploitation metrics are unavailable; the EPSS score is < 1% (0.00032), indicating a very low but nonzero probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The issue requires local code execution or a malicious module to trigger the problematic path, making the attack vector local. The impact is a denial of service via kernel deadlock, which can be considered moderate to high risk in environments that rely on batman‑adv for network connectivity.

Generated by OpenCVE AI on May 26, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the batman‑adv concurrency fix (commit 192f40ad8a7dac58dae9199a065dbf7e6e67b75b or later).
  • Reboot the system or restart the networking stack to ensure the updated driver takes effect.
  • If upgrading the kernel immediately is not possible, monitor for signs of lock contention and consider temporarily disabling the batman‑adv interface during maintenance windows to avoid a deadlock.

Generated by OpenCVE AI on May 26, 2026 at 18:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Tue, 26 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 09 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References

Fri, 08 May 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnl_lock ELP metric worker batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock. To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held. But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called.
Title batman-adv: Avoid double-rtnl_lock ELP metric worker
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:54.305Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43382

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T15:16:49.463

Modified: 2026-05-26T17:15:10.450

Link: CVE-2026-43382

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43382 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T19:00:15Z

Weaknesses