CVE Catalog

CVE-2026-52922

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile - higher than 31% of all known CVEs

Summary

In the Linux kernel, the batman-adv module (Distributed ARP Table) fails to check the return value of pskb_copy_for_clone(). A failed memory allocation leads to a NULL pointer dereference in batadv_send_skb_prepare_unicast_4addr(), causing a system crash.

Risk Assessment

An attacker can intentionally trigger memory exhaustion conditions to cause a kernel crash (DoS) on devices using batman-adv with DAT enabled.

Recommendation

Apply the Linux kernel patch containing the fix commit. If kernel update is not possible, consider disabling Distributed ARP Table (DAT) in batman-adv configuration.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS