CVE-2026-43382

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A deadlock can occur in the batman-adv module when the batadv v elp get throughput() function is called while the RTNL (Routing Netlink) lock is already held. This specifically happens when a work queue item is cancelled via cancel delayed work sync() in batadv v elp iface disable(). While rtnl trylock() was previously implemented to avoid this, the batadv get real netdev() function was still being called for cfg80211 interfaces, which also attempts to acquire the rtnl lock(), leading to the deadlock.

Recommendations Update the Linux kernel to a version where the batadv get real netdev() lockless version and ethtool get link ksettings() are utilized to prevent double-locking.