CVE-2026-52934
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadv_tvlv_container_ogm_append() builds a TVLV packet section from the tvlv.container_list. The total size of this section is computed by batadv_tvlv_container_list_size(), which sums the sizes of all registered containers. The return type and accumulator in batadv_tvlv_container_list_size() were u16. If the accumulated size exceeds U16_MAX, the value wraps around, causing the subsequent allocation in batadv_tvlv_container_ogm_append() to be undersized. The memcpy-style copy that follows would then write beyond the end of the allocated buffer, corrupting kernel memory. Fix this by widening the return type of batadv_tvlv_container_list_size() to size_t. In batadv_tvlv_container_ogm_append(), check the computed length against U16_MAX before proceeding, and bail out as if the allocation had failed when the limit is exceeded.
Affected versions
Linux kernel versions
3.13
and later are affected. Fixed in
5.10.259,
5.15.210,
6.1.176,
6.6.143,
6.12.93,
6.18.34,
7.0.11,
7.1
and their respective stable series.
References
8 totalFrequently asked questions
-
What is CVE-2026-52934?
CVE-2026-52934 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.13 onward and has been patched in 5.10.259, 5.15.210, 6.1.176 and others. CVE-2026-52934 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-52934?
Yes — CVE-2026-52934 has been patched. Fixed versions include 5.10.259, 5.15.210, 6.1.176 and others. If you are running Linux kernel 3.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-52934 actively exploited?
No — CVE-2026-52934 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.