In the Linux kernel, the following vulnerability has been resolved:
batman-adv: Avoid double-rtnl_lock ELP metric worker
batadvvelpgetthroughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync() in batadvvelpifacedisable(). In this case, an rtnllock() would cause a deadlock.
To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held.
But for cfg80211 interfaces, batadvgetrealnetdev() was called - which also uses rtnllock(). The approach for __ethtoolgetlink_ksettings() must also be used instead and the lockless version _batadvgetrealnetdev() has to be called.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43382.json",
"cna_assigner": "Linux"
}