PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43382 Linux CVE debrief

A deadlock vulnerability exists in the Linux kernel's B.A.T.M.A.N. advanced (batman-adv) mesh networking subsystem. The flaw occurs in the ELP (Echo Location Protocol) metric worker when batadv_v_elp_get_throughput() is called while the RTNL (routing/netlink) lock is already held. A previous fix attempted to use rtnl_trylock() to avoid deadlock when retrieving ethtool information, but failed to address that batadv_get_real_netdev() also acquires rtnl_lock(). When cancel_delayed_work_sync() is invoked in batadv_v_elp_iface_disable() with the RTNL lock held, this creates a double-lock scenario causing kernel deadlock and denial of service. The vulnerability affects multiple stable kernel branches and has been resolved by using the lockless __batadv_get_real_netdev() variant consistent with the ethtool approach.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-26
Advisory published
2026-05-08
Advisory updated
2026-05-26

Who should care

Organizations running Linux systems with batman-adv mesh networking enabled, particularly in wireless mesh deployments, community networks, or embedded/IoT devices using B.A.T.M.A.N. routing. System administrators maintaining kernel versions in affected ranges should prioritize patching to prevent potential system hangs during network interface reconfiguration.

Technical summary

The batman-adv kernel module's ELP throughput measurement function batadv_v_elp_get_throughput() can trigger a deadlock when called with the RTNL lock already held. The original fix using rtnl_trylock() for ethtool operations was incomplete because batadv_get_real_netdev() internally calls rtnl_lock(). During interface disable operations (batadv_v_elp_iface_disable()), cancel_delayed_work_sync() may execute the ELP worker with RTNL held, causing recursive lock acquisition. The resolution replaces batadv_get_real_netdev() with __batadv_get_real_netdev() to maintain lock consistency with the ethtool path, preventing the double-lock condition.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches: 5.4.291+, 5.10.235+, 5.15.179+, 6.1.129+, 6.6.79+, 6.12.16+, 6.13.4+, 6.14.1+, 6.19+
  • Upgrade to fixed kernel versions: 5.5, 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.14, 6.18.19, 6.19.9 or later
  • If batman-adv mesh networking is not required, consider disabling the kernel module as a temporary risk reduction measure
  • Monitor systems using batman-adv for unexpected hangs or soft lockups in network path management
  • Review kernel logs for deadlock warnings involving batadv_v_elp_get_throughput or rtnl_lock

Evidence notes

CVE published 2026-05-08; modified 2026-05-26. NVD status: Analyzed. CVSS 3.1: 5.5 (MEDIUM). CWE-667: Improper Locking. Affects batman-adv ELP metric worker in Linux kernel versions 5.4.291 through 5.5 (excluding), 5.10.235 through 5.10.253 (excluding), 5.15.179 through 5.15.203 (excluding), 6.1.129 through 6.1.167 (excluding), 6.6.79 through 6.6.130 (excluding), 6.12.16 through 6.12.78 (excluding), 6.13.4 through 6.14 (excluding), 6.14.1 through 6.18.19 (excluding), 6.19 through 6.19.9 (excluding), plus 6.14, 6.14:rc3-rc7, and 7.0:rc1-rc2.

Official resources

2026-05-08