CVE-2026-52919 Linux CVE debrief

Who should care

Linux kernel users and administrators should be aware of this vulnerability, as it can be exploited to cause a denial-of-service or potentially lead to code execution. Users of the batman-adv module are particularly affected. Linux distributions and vendors should prioritize patching this vulnerability to prevent potential attacks.

Technical summary

The vulnerability is located in the batman-adv module of the Linux kernel. The batadv_tp_sender_shutdown() function unconditionally decrements the 'sending' atomic counter, which can cause an underflow if multiple paths call this function. This underflow leads to the sender kthread looping indefinitely, resulting in a use-after-free when the interface is removed. The fix involves using atomic_xchg() to ensure the counter only transitions from 1 to 0 once. Multiple source references are available, including several commit hashes from the Linux kernel repository.

Defensive priority

This vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. Linux kernel users and administrators should prioritize patching this vulnerability to prevent potential attacks.

Recommended defensive actions

• Apply the official patch from the Linux kernel repository.
• Review and update Linux kernel packages to ensure the patched version is installed.
• Monitor system logs for potential exploitation attempts.
• Consider implementing additional security controls, such as network segmentation and access controls, to limit the attack surface.
• Perform a thorough inventory of affected systems and prioritize patching based on risk and exposure.

Evidence notes

The CVE record and NVD detail pages provide information on this vulnerability. Multiple source references are available from the Linux kernel repository, including commit hashes for the patched versions.

Official resources