Description
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: dat: handle forward allocation error

batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb
for each DHT candidate, but does not check the return value before passing
it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences
the skb unconditionally, so a failed allocation triggers a NULL pointer
dereference.

Skip forwarding to the current DHT candidate on allocation failure.
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in the batman‑adv driver causes a null pointer dereference when packet forwarding fails due to memory allocation errors. Because batadv_dat_forward_data() does not check the return value of pskb_copy_for_clone(), the subsequent batadv_send_skb_prepare_unicast_4addr() function dereferences a NULL pointer, leading to a kernel panic and a system crash. This defect is classified as CWE‑476 and results in a denial‑of‑service that could allow local attackers to disrupt network services and potentially elevate privileges if the crash forces a reboot of privileged processes.

Affected Systems

The vulnerability affects the Linux kernel across all releases prior to the commit that added a NULL-check in batadv_dat_forward_data(). The impacted component is the batman‑adv networking driver within the kernel's network stack.

Risk and Exploitability

A CVSS score is not published, so the precise severity is uncertain, but the defect can bring a system to a failed state with a null pointer dereference. The bug can be triggered via crafted packets that cause a memory allocation failure during forwarding, so an attacker with packet injection capability can exploit it. Exploitability is moderate to high because the condition only requires forcing a kernel allocation failure, which is feasible in many network environments. The issue is not listed in CISA KEV and the EPSS score is not available, indicating no currently observed widespread exploitation but the risk remains high due to the critical nature of the crash.

Generated by OpenCVE AI on June 24, 2026 at 13:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the batman‑adv fix, such as the latest stable release after the relevant commit.
  • If the batman‑adv driver is not required, disable or uninstall it to eliminate the attack surface.
  • Apply the upstream patch or patch the kernel if an official update is not yet available, and consider rebooting to prevent batman‑adv packet processing until the fix is deployed.

Generated by OpenCVE AI on June 24, 2026 at 13:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 24 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.
Title batman-adv: dat: handle forward allocation error
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T07:14:17.185Z

Reserved: 2026-06-09T07:44:35.367Z

Link: CVE-2026-52922

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:15:15Z

Weaknesses