Skip to main content

Linux Kernel CVE-2026-43382

| EUVDEUVD-2026-28688 MEDIUM
Improper Locking (CWE-667)
2026-05-08 Linux GHSA-36qq-553f-w4ww
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 08, 2026 - 11:40 vuln.today
CVSS changed
May 26, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: Avoid double-rtnl_lock ELP metric worker

batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock.

To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held.

But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called.

AnalysisAI

Deadlock in the Linux kernel's batman-adv ELP metric worker allows a local low-privileged user to trigger a kernel hang and cause a denial of service. The flaw exists in batadv_v_elp_get_throughput() where a previous fix using rtnl_trylock() for the ethtool path failed to cover the cfg80211 interface path, which still called batadv_get_real_netdev() - itself internally invoking rtnl_lock(). When batadv_v_elp_iface_disable() cancels the work queue via cancel_delayed_work_sync() while the RTNL lock is already held, this double-lock acquisition produces a deadlock. No public exploit identified at time of analysis, and EPSS of 0.02% confirms very low real-world exploitation probability.

Technical ContextAI

B.A.T.M.A.N. Advanced (batman-adv) is a mesh networking protocol implemented as a Linux kernel module. Its ELP (Echo Location Protocol) worker periodically measures link throughput to inform routing decisions. The RTNL (Route Netlink) lock is a global kernel mutex serializing network device configuration changes. CWE-667 (Improper Locking) describes the root cause: an incomplete locking strategy where rtnl_trylock() was correctly applied to the ethtool (__ethtool_get_link_ksettings) path to avoid re-entrant deadlock, but the cfg80211 wireless interface path continued using the blocking batadv_get_real_netdev(), which calls rtnl_lock() unconditionally. The fix replaces this with the lockless variant __batadv_get_real_netdev(), consistent with the existing ethtool mitigation. Affected CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. The vulnerability spans multiple stable kernel branches from at least 5.10 through pre-patch 7.0.

RemediationAI

The primary fix is to upgrade the Linux kernel to a patched stable release: 5.10.253 or later in the 5.10.x series, 5.15.203 or later in the 5.15.x series, 6.1.167 or later in the 6.1.x series, 6.6.130 or later in the 6.6.x series, 6.12.78 or later in the 6.12.x series, 6.18.19 or later in the 6.18.x series, 6.19.9 or later in the 6.19.x series, or 7.0. Patch commits are indexed at https://git.kernel.org/stable/c/. If an immediate kernel upgrade is not feasible, unloading the batman-adv kernel module (modprobe -r batman-adv) eliminates the vulnerable code path entirely - trade-off being loss of all mesh networking functionality provided by batman-adv. Red Hat and SUSE downstream advisories should be monitored independently for distribution-specific package updates, as no RHSA or SUSE advisory was present in the provided references at time of analysis.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43382 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy