CVE-2026-52922
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
In the Linux kernel, the batman-adv module (Distributed ARP Table) fails to check the return value of pskb_copy_for_clone(). A failed memory allocation leads to a NULL pointer dereference in batadv_send_skb_prepare_unicast_4addr(), causing a system crash.
Risk Assessment
An attacker can intentionally trigger memory pressure to cause a denial of service (DoS) via kernel crash on a mesh network node using batman-adv.
Recommendation
Immediately apply the Linux kernel patch containing the fix for CVE-2026-52922 or update the kernel to a patched version.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.

