Description
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: dat: handle forward allocation error

batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb
for each DHT candidate, but does not check the return value before passing
it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences
the skb unconditionally, so a failed allocation triggers a NULL pointer
dereference.

Skip forwarding to the current DHT candidate on allocation failure.
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The batman‑adv networking module contains a flaw where the function batadv_dat_forward_data() duplicates an skb for each DHT candidate by calling pskb_copy_for_clone() but fails to test whether the allocation succeeded. When the allocation fails, the skb passed to batadv_send_skb_prepare_unicast_4addr() is NULL panic. The vulnerability is classified as CWE‑252 (Unchecked Return Value) and results in a denial‑of‑service condition whenever it is exercised.

Affected Systems

This issue affects all Linux kernel releases that include the batman‑adv driver before the commit that introduced the NULL‑check. The attack surface is the network stack handling mesh networking traffic on machines that have batman‑adv enabled. No specific kernel version range is listed in the advisory; however, any kernel version containing batman‑adv prior to the patch is considered vulnerable.

Risk and Exploitability

Based on the description, it is inferred that an attacker could trigger the bug by sending a crafted packet that forces memory allocation failure during forwarding, so the attack vector is network‑based packet injection. The EPSS score of <1% indicates a very low chance of real‑world exploitation7.5 reflects a high severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting that there are no known widespread attacks. Nonetheless, Internet developers must treat the kernel crash as a critical denial‑of‑service risk for affected systems.

Generated by OpenCVE AI on June 28, 2026 at 13:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the commit that adds the NULL‑check to batadv_dat_forward_data() and reboot.
  • Upgrade the kernel to a version that includes this fix.
  • If batman‑adv is not required, disable or remove the driver to eliminate the vulnerability.

Generated by OpenCVE AI on June 28, 2026 at 13:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Thu, 25 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 25 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 24 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.
Title batman-adv: dat: handle forward allocation error
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:36:43.785Z

Reserved: 2026-06-09T07:44:35.367Z

Link: CVE-2026-52922

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52922 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:00:21Z

Weaknesses