Skip to main content

Linux Kernel EUVDEUVD-2026-38729

| CVE-2026-52926 MEDIUM
2026-06-24 Linux GHSA-r223-r4pf-42r9
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only vector confirmed; PR:L reflects that triggering batman-adv teardown requires at minimum low-privilege local access; no confidentiality or integrity impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 16:10 vuln.today
CVSS changed
Jul 08, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch available
Jun 24, 2026 - 09:16 EUVD
CVE Published
Jun 24, 2026 - 07:14 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 07:14 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: clear current gateway during teardown

batadv_gw_node_free() removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup and can break a later mesh recreation.

Clear bat_priv->gw.curr_gw before walking the gateway list so the selected gateway reference is dropped as part of teardown.

AnalysisAI

Stale gateway pointer in the Linux kernel's batman-adv mesh networking subsystem causes availability failures during mesh teardown and recreation. The batman-adv gateway cleanup function batadv_gw_node_free() frees gateway list entries without clearing bat_priv->gw.curr_gw, leaving a dangling reference that persists across cleanup and breaks subsequent mesh recreation attempts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege access
Delivery
Load or use active batman-adv mesh
Exploit
Trigger mesh interface teardown
Execution
Stale curr_gw pointer persists in bat_priv
Persist
Attempt mesh recreation dereferences stale pointer
Impact
Kernel panic or availability failure

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) local access to the target system with at least low-privilege credentials (CVSS PR:L); (2) the batman-adv kernel module must be loaded and in active use - this is a non-default configuration present only on mesh networking deployments; (3) the attacker or an administrator must trigger a mesh teardown cycle followed by a mesh recreation attempt to dereference the stale pointer. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is low despite the High availability impact rating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with low-privilege access on a system running batman-adv mesh networking creates a mesh interface, then triggers teardown of the mesh - either through legitimate administrative action or by manipulating network namespace teardown. The stale `curr_gw` pointer left in `bat_priv->gw.curr_gw` is subsequently dereferenced during an attempt to recreate or reinitialize the mesh, causing a kernel panic or undefined behavior and resulting in a system availability impact. …
Remediation Upgrade to a patched stable kernel release: 5.10.258 or later for the 5.10 LTS branch, 5.15.209 or later for the 5.15 LTS branch, 6.1.175 or later for the 6.1 LTS branch, 6.6.142 or later for the 6.6 LTS branch, 6.12.92 or later for the 6.12 branch, 6.18.34 or later for the 6.18 branch, 7.0.11 or later for the 7.0 branch, or 7.1 and later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38729 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy