CVE-2026-52914
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
In the Linux kernel, the batman-adv module has a vulnerability in fragment reassembly length accounting. The flaw allows malformed fragment chains to bypass validation, potentially causing a local denial of service.
Risk Assessment
A local attacker can exploit this vulnerability to trigger a system crash (DoS) by sending specially crafted packet fragments, disrupting network services.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit in the batman-adv branch). A system reboot is required after the update.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service. Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs. The fix was verified against the original reproducer and against valid fragment reassembly paths.

