CVE Catalog

CVE-2026-52922

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

In the Linux kernel, the batman-adv module (Distributed ARP Table) fails to check the return value of pskb_copy_for_clone(). A failed memory allocation leads to a NULL pointer dereference in batadv_send_skb_prepare_unicast_4addr(), causing a system crash.

Risk Assessment

An attacker can intentionally trigger memory pressure to cause a denial of service (DoS) via kernel crash on a mesh network node using batman-adv.

Recommendation

Immediately apply the Linux kernel patch containing the fix for CVE-2026-52922 or update the kernel to a patched version.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS