Skip to main content

Linux Kernel CVE-2026-52913

| EUVDEUVD-2026-38716 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-24 Linux GHSA-7c77-5hjp-3754
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

Race condition between interface teardown and workqueue dispatch elevates AC to H; local NET_ADMIN access required sets PR:L; impact is kernel crash only, so A:H with C:N and I:N.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 16:00 vuln.today
CVSS changed
Jul 08, 2026 - 15:22 NVD
5.5 (MEDIUM)
Patch available
Jun 24, 2026 - 09:16 EUVD
CVE Published
Jun 24, 2026 - 07:14 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 07:14 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: v: stop OGMv2 on disabled interface

When a batadv_hard_iface is disabled, its mesh_iface pointer is set to NULL. However, batadv_v_ogm_send_meshif() may still dispatch OGMs via batadv_v_ogm_queue_on_if() for interfaces that have since lost their mesh_iface association. This results in a NULL pointer dereference when batadv_v_ogm_queue_on_if() unconditionally calls netdev_priv() on the now NULL hard_iface->mesh_iface to retrieve the batadv_priv.

It is necessary to ensure that the batadv_v_ogm_queue_on_if() checks that it is using the same mesh_iface for which batadv_v_ogm_send_meshif() was called.

AnalysisAI

NULL pointer dereference in the Linux kernel's batman-adv OGMv2 subsystem allows a local low-privilege user to crash the kernel by racing interface teardown against OGM dispatch. When a batman-adv hard interface is disabled and its mesh_iface pointer is set to NULL, the batadv_v_ogm_queue_on_if() function continues to call netdev_priv() on that NULL pointer, triggering a kernel panic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege access with NET_ADMIN capability
Delivery
Confirm batman-adv module loaded with active mesh interface
Exploit
Repeatedly disable mesh interface to set mesh_iface to NULL
Execution
Race OGMv2 workqueue dispatch in batadv_v_ogm_send_meshif
Persist
NULL dereference in batadv_v_ogm_queue_on_if via netdev_priv
Impact
Kernel panic and system crash

Vulnerability AssessmentAI

Exploitation The batman-adv kernel module must be loaded and at least one batman-adv mesh interface must be configured and actively transmitting OGMv2 packets - this is a non-default configuration not present in standard Linux installs. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 5.5 with AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H accurately describes a local, low-privilege denial-of-service with no data exposure or privilege escalation potential. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with NET_ADMIN capability on a Linux system running batman-adv repeatedly issues interface-disable commands (e.g., via batctl or ip link set down on a mesh interface) in rapid succession while the OGMv2 workqueue is actively dispatching packets. The race window closes when batadv_v_ogm_queue_on_if() fires after mesh_iface has been set to NULL, causing netdev_priv() to dereference the NULL pointer and crashing the kernel. …
Remediation Upgrade the Linux kernel to a patched stable release: 5.10.259, 5.15.210, 6.1.176, 6.6.143, 6.12.93, 6.18.34, 7.0.11, or 7.1. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52913 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy