CVE-2026-52913
In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadv_hard_iface is disabled, its mesh_iface pointer is set to NULL. However, batadv_v_ogm_send_meshif() may still dispatch OGMs via batadv_v_ogm_queue_on_if() for interfaces that have since lost their mesh_iface association. This results in a NULL pointer dereference when batadv_v_ogm_queue_on_if() unconditionally calls netdev_priv() on the now NULL hard_iface->mesh_iface to retrieve the batadv_priv. It is necessary to ensure that the batadv_v_ogm_queue_on_if() checks that it is using the same mesh_iface for which batadv_v_ogm_send_meshif() was called.
Affected versions
Linux kernel versions
4.6
and later are affected. Fixed in
5.10.259,
5.15.210,
6.1.176,
6.6.143,
6.12.93,
6.18.34,
7.0.11,
7.1
and their respective stable series.
References
8 totalFrequently asked questions
-
What is CVE-2026-52913?
CVE-2026-52913 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.6 onward and has been patched in 5.10.259, 5.15.210, 6.1.176 and others. CVE-2026-52913 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-52913?
Yes — CVE-2026-52913 has been patched. Fixed versions include 5.10.259, 5.15.210, 6.1.176 and others. If you are running Linux kernel 4.6 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-52913 actively exploited?
No — CVE-2026-52913 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.