In the Linux kernel, the following vulnerability has been resolved:
batman-adv: tp_meter: avoid use of uninit sender vars
batadvtprecvack() and batadvtpstop() are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that were never initialized, leading to undefined behavior.
This can be triggered when a node that is currently acting as a receiver in an ongoing tp_meter session receives a malicious ACK packet.
Guard against this by checking tpvars->role immediately after the lookup and bailing out if it is not BATADVTP_SENDER, before any of those members are accessed.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52931.json",
"cna_assigner": "Linux"
}