Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-52922— batman-adv: dat: handle forward allocation error

CVSS 7.5 · High EPSS 0.39% · P32

Possible ATT&CK Techniques 1AI

T1211 · Exploitation for Stealth

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux785ea1144182c341b8b85b0f8180291839d176a8< 9bcebaedfb8479cb4affb23c7a0d000ca9a20e73affected
785ea1144182c341b8b85b0f8180291839d176a8< 2edb8aeb3cdda9d00ec4997252dc5bcd6f54d8efaffected
785ea1144182c341b8b85b0f8180291839d176a8< ce0c381199402a2c58f4599f4f6ed100d872d0daaffected
785ea1144182c341b8b85b0f8180291839d176a8< 866ac1d57040ed0b44ca732e3c66b3aa6b93011caffected
785ea1144182c341b8b85b0f8180291839d176a8< 4d420d9ee70a220a2cd95aa0dd2e15acad66a505affected
785ea1144182c341b8b85b0f8180291839d176a8< 9cceea8eeba710def2a5707ee00f00c74a9a1cacaffected
785ea1144182c341b8b85b0f8180291839d176a8< cf48e75fc4fe0d5cc7721c82d454221d01367b93affected
785ea1144182c341b8b85b0f8180291839d176a8< 2d8826a2d3657cea66fb0370f9e521575a673871affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-52922

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
batman-adv: dat: handle forward allocation error
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr(). That function dereferences the skb unconditionally, so a failed allocation triggers a NULL pointer dereference. Skip forwarding to the current DHT candidate on allocation failure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于batman-adv的dat组件中batadv_dat_forward_data()函数调用pskb_copy_for_clone()复制skb时未检查返回值,导致分配失败触发空指针取消引用。以下版本受到影响:3.8版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 785ea1144182c341b8b85b0f8180291839d176a8 ~ 9bcebaedfb8479cb4affb23c7a0d000ca9a20e73 -
LinuxLinux 3.8 -

II. Public POCs for CVE-2026-52922

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-52922

登录查看更多情报信息。

Patches & Fixes for CVE-2026-52922 (8)

Same Patch Batch · Linux · 2026-06-24 · 219 CVEs total

CVE-2026-530469.8 CRITICALksmbd: fix use-after-free from async crypto on Qualcomm crypto engine
CVE-2026-530889.8 CRITICALnet: bcmgenet: fix off-by-one in bcmgenet_put_txcb
CVE-2026-530109.8 CRITICALksmbd: fix use-after-free in smb2_open during durable reconnect
CVE-2026-530069.8 CRITICALipv6: fix possible UAF in icmpv6_rcv()
CVE-2026-530869.8 CRITICALnet: bcmgenet: fix racing timeout handler
CVE-2026-530029.8 CRITICALnetfilter: conntrack: remove sprintf usage
CVE-2026-529939.8 CRITICALtipc: fix double-free in tipc_buf_append()
CVE-2026-529899.8 CRITICALnvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
CVE-2026-529869.8 CRITICALnetfilter: nf_conntrack_sip: don't use simple_strtoul
CVE-2026-529829.8 CRITICALnet: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
CVE-2026-530459.8 CRITICALmemory: tegra124-emc: Fix dll_change check
CVE-2026-529559.8 CRITICALlibceph: Fix potential out-of-bounds access in crush_decode()
CVE-2026-530499.8 CRITICALgfs2: add some missing log locking
CVE-2026-529149.8 CRITICALbatman-adv: fix fragment reassembly length accounting
CVE-2026-529319.8 CRITICALbatman-adv: tp_meter: avoid use of uninit sender vars
CVE-2026-529249.8 CRITICALsctp: purge outqueue on stale COOKIE-ECHO handling
CVE-2026-530559.8 CRITICALcrypto: hisilicon/sec2 - prevent req used-after-free for sec
CVE-2026-530439.1 CRITICALocfs2/dlm: validate qr_numregions in dlm_match_regions()
CVE-2026-529999.1 CRITICALnetfilter: nfnetlink_osf: fix out-of-bounds read on option matching
CVE-2026-529589.1 CRITICALlibceph: Fix potential out-of-bounds access in osdmap_decode()

Showing top 20 of 219 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-52922

No comments yet


Leave a comment