CVE-2026-52919
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tp_meter counter underflow during shutdown batadv_tp_sender_shutdown() unconditionally decrements the "sending" atomic counter. If multiple paths (e.g. timeout, user cancel, and normal finish) call this function, the counter can underflow to -1. Since the sender logic treats any non-zero value as "still sending", a negative value causes the sender kthread to loop indefinitely. This leads to a use-after-free when the interface is removed while the zombie thread is still active. Fix this by using atomic_xchg() to ensure the counter only transitions from 1 to 0 once. [sven: added missing change in batadv_tp_send]
Affected versions
Linux kernel versions
4.8
and later are affected. Fixed in
5.10.258,
5.15.209,
6.1.175,
6.6.142,
6.12.92,
6.18.34,
7.0.11,
7.1
and their respective stable series.
References
8 totalFrequently asked questions
-
What is CVE-2026-52919?
CVE-2026-52919 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.8 onward and has been patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-52919 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-52919?
Yes — CVE-2026-52919 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 4.8 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-52919 actively exploited?
No — CVE-2026-52919 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.