CVE-2026-52919

Source
https://cve.org/CVERecord?id=CVE-2026-52919
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52919.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52919
Downstream
Published
2026-06-24T07:14:15.201Z
Modified
2026-07-10T03:54:25.563518587Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
batman-adv: fix tp_meter counter underflow during shutdown
Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix tp_meter counter underflow during shutdown

batadvtpsender_shutdown() unconditionally decrements the "sending" atomic counter. If multiple paths (e.g. timeout, user cancel, and normal finish) call this function, the counter can underflow to -1.

Since the sender logic treats any non-zero value as "still sending", a negative value causes the sender kthread to loop indefinitely. This leads to a use-after-free when the interface is removed while the zombie thread is still active.

Fix this by using atomic_xchg() to ensure the counter only transitions from 1 to 0 once.

[sven: added missing change in batadvtpsend]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52919.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
33a3bb4a3345bb511f9c69c913da95d4693e2a4e
Fixed
e75e2ab463b5b34df6b98f94d740aff327ce9f6b
Fixed
abae88fa254f2981d39ac003a7b302528a22af64
Fixed
c66d20a3ff095e3f000551d208ec2606616db15c
Fixed
c1bac194733aabd731aafa6a01350c229e187dba
Fixed
01cefc5923889e29dbb5f281c3d457714ceb9c00
Fixed
90ae3eae06b7b8ab9f6250b9497c860915b4c17b
Fixed
aeae11c5dad9cd0d50723890bdd866f8e6db2e7d
Fixed
94f3b133168d1c49895e7cc6afbcf1cc0b354602

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52919.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.142
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.92
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.34
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52919.json"