CVE-2026-52922
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk31th percentile - higher than 31% of all known CVEs
Summary
In the Linux kernel, the batman-adv module (Distributed ARP Table) fails to check the return value of pskb_copy_for_clone(). A failed memory allocation leads to a NULL pointer dereference in batadv_send_skb_prepare_unicast_4addr(), causing a system crash.
Risk Assessment
An attacker can intentionally trigger memory exhaustion conditions to cause a kernel crash (DoS) on devices using batman-adv with DAT enabled.
Recommendation
Apply the Linux kernel patch containing the fix commit. If kernel update is not possible, consider disabling Distributed ARP Table (DAT) in batman-adv configuration.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.

