CVE-2026-52916

Source
https://cve.org/CVERecord?id=CVE-2026-52916
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52916.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52916
Downstream
Published
2026-06-24T07:14:13.221Z
Modified
2026-07-10T03:54:01.149359156Z
Summary
batman-adv: frag: disallow unicast fragment in fragment
Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: frag: disallow unicast fragment in fragment

batadvfragskbbuffer() is called by batadvbatmanskbrecv() when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled, batadvrecvfragpacket() calls batadvbatmanskbrecv() again to process the defragmented payload.

A malicious sender can craft a BATADVUNICASTFRAG packet whose reassembled payload is itself a BATADVUNICASTFRAG packet (matryoshka-style nesting). Each nesting level recurses through batadvbatmanskb_recv() without bound, growing the kernel stack until it is exhausted.

Since refragmentation or fragments in fragments are not actually allowed, discard all packets which are still BATADVUNICASTFRAG packets after the defragmentation process.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52916.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
610bfc6bc99bc83680d190ebc69359a05fc7f605
Fixed
0c208fa3859e3a33a1c38bebc41d021166e94ac8
Fixed
bcda4814dc6524283c0b958882cb963d75fe411d
Fixed
aea54d0bbe156d5ab7d00d68f66149ff41f4612a
Fixed
b54e459cf86943583c1aa2ee3081874e7ab1f5f3
Fixed
5418be6c2e117bf8a316582795a8e3ff90f45e5d
Fixed
5895ad21c7059a652da83fb817510f7a1e962abf
Fixed
7138c35c9ad39a2fca6264af6b87466471f04ffc
Fixed
bc62216dc8e221e3781afa14430f45208bfa9af9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52916.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.13.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.142
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.92
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.34
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52916.json"