SB20260626219 - Use-after-free in Linux kernel batman-adv
Published: June 26, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-52919)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service and trigger a use-after-free.
The vulnerability exists due to a use-after-free in batadv_tp_sender_shutdown() and batadv_tp_send() in the batman-adv tp_meter component when shutting down the throughput meter sender through multiple paths. A local user can trigger timeout, cancellation, or normal completion paths to cause a denial of service and trigger a use-after-free.
The issue occurs because the sending counter can underflow to a negative value, causing the sender kernel thread to continue running after interface removal.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/01cefc5923889e29dbb5f281c3d457714ceb9c00
- https://git.kernel.org/stable/c/90ae3eae06b7b8ab9f6250b9497c860915b4c17b
- https://git.kernel.org/stable/c/94f3b133168d1c49895e7cc6afbcf1cc0b354602
- https://git.kernel.org/stable/c/abae88fa254f2981d39ac003a7b302528a22af64
- https://git.kernel.org/stable/c/aeae11c5dad9cd0d50723890bdd866f8e6db2e7d
- https://git.kernel.org/stable/c/c1bac194733aabd731aafa6a01350c229e187dba
- https://git.kernel.org/stable/c/c66d20a3ff095e3f000551d208ec2606616db15c
- https://git.kernel.org/stable/c/e75e2ab463b5b34df6b98f94d740aff327ce9f6b