VDB

CVE-2026-52916

CVE-2026-52916 PUBLISHED

Reported by Linux · Published June 24, 2026

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a BATADV_UNICAST_FRAG packet is received. Once all fragments are collected and the packet is reassembled, batadv_recv_frag_packet() calls batadv_batman_skb_recv() again to process the defragmented payload. A malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled payload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting). Each nesting level recurses through batadv_batman_skb_recv() without bound, growing the kernel stack until it is exhausted. Since refragmentation or fragments in fragments are not actually allowed, discard all packets which are still BATADV_UNICAST_FRAG packets after the defragmentation process.

EPSS 0.18% · 7.5th percentile

Risk Scores

EPSS Score
0.18%
7.5th percentile

Affected Products

VendorProductVersions
LinuxLinux610bfc6bc99bc83680d190ebc69359a05fc7f605, 610bfc6bc99bc83680d190ebc69359a05fc7f605, 610bfc6bc99bc83680d190ebc69359a05fc7f605
LinuxLinux3.13, 0, 5.10.258
LinuxLinux7.1, 0, 5.10.258
linuxlinux_kernel3.13, 3.13, 3.13

Timeline

  • Jun 24, 2026 CVE Published
  • Jun 25, 2026 Coalition ESS Score
  • Jun 27, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›