Skip to main content

Linux Kernel CVE-2026-52914

| EUVDEUVD-2026-38717 CRITICAL
Out-of-bounds Write (CWE-787)
2026-06-24 Linux GHSA-637x-w8p5-96wm
9.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
6.5 MEDIUM

Malformed fragments arrive over the layer-2 mesh so AV:A; no auth or interaction needed beyond mesh participation (PR:N/UI:N); upstream describes availability-only DoS, so C:N/I:N/A:H.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 10:33 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
9.8 (CRITICAL)
Patch available
Jun 24, 2026 - 09:16 EUVD
CVE Published
Jun 24, 2026 - 07:14 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 07:14 cve.org
CRITICAL 9.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix fragment reassembly length accounting

batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly.

That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service.

Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs.

The fix was verified against the original reproducer and against valid fragment reassembly paths.

AnalysisAI

Denial of service in the Linux kernel's batman-adv mesh networking module arises from faulty length accounting during fragment reassembly, where the accumulated payload length can be truncated during updates, letting malformed fragment chains bypass validation and drive reassembly with inconsistent length state. The flaw affects systems running the B.A.T.M.A.N. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Join or compromise mesh node
Delivery
Craft malformed fragment chain
Exploit
Send fragments to target peer
Execution
Bypass length validation in batman-adv
Persist
Reassembly with inconsistent length state
Impact
Kernel crash/hang (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires the target kernel to be built with CONFIG_BATMAN_ADV and have the batman-adv module loaded and actively participating in a B.A.T.M.A.N. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict sharply and should not be taken at face value. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to the same batman-adv mesh segment (a rogue or compromised mesh node) crafts a malformed fragment chain whose advertised lengths trigger the truncated length accounting on a peer. The victim kernel reassembles with inconsistent length state and crashes or hangs, causing a denial of service on that node. …
Remediation Vendor-released patch: upgrade to a fixed stable kernel - 5.10.258, 5.15.209, 6.1.175, 6.6.142, 6.12.92, 6.18.34, 7.0.11, or 7.1 (or your distribution's backported equivalent), referencing the kernel.org commits such as https://git.kernel.org/stable/c/e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64 and https://git.kernel.org/stable/c/37be61825b15534a16ff9cfc9546de155b6df982. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running batman-adv kernel module across data centers and edge infrastructure; verify patch availability through kernel vendor advisories. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52914 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy