PT-2026-51709 · Linux · Linux
Published: 2026-06-24 · Updated: 2026-06-24
CVE-2026-52916
Severity: None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: frag: disallow unicast fragment in fragment
batadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a
BATADV_UNICAST_FRAG packet is received. Once all fragments are collected
and the packet is reassembled, batadv_recv_frag_packet() calls
batadv_batman_skb_recv() again to process the defragmented payload.
A malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled
payload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting).
Each nesting level recurses through batadv_batman_skb_recv() without bound,
growing the kernel stack until it is exhausted.
Since refragmentation or fragments in fragments are not actually allowed,
discard all packets which are still BATADV_UNICAST_FRAG packets after the
defragmentation process.
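The recursion and the fix described above, as a user-space C model added here for illustration; it is not the kernel patch or batman-adv code. The one-byte type header, the type values, and the names rx(), rx_depth(), sample_ok and sample_nested are assumptions made for the example.

```c
/* User-space model, not kernel code: a toy 1-byte type header stands in for
 * the batman-adv packet header, and "reassembly" just strips that byte. */
#include <stdint.h>
#include <stdio.h>

enum { T_UNICAST = 1, T_UNICAST_FRAG = 2 };   /* constructed type values */
enum verdict { RX_DROPPED, RX_DELIVERED };
static int depth, max_depth;                  /* dispatcher re-entry counter */
static enum verdict last_verdict;
/* Constructed inputs: one ordinary fragment, one fragment nested four deep. */
static const uint8_t sample_ok[] = { T_UNICAST_FRAG, T_UNICAST, 0xaa };
static const uint8_t sample_nested[] = { T_UNICAST_FRAG, T_UNICAST_FRAG,
                                         T_UNICAST_FRAG, T_UNICAST_FRAG, T_UNICAST };

/* Stand-in for the receive dispatcher that the fragment handler re-enters. */
static enum verdict rx(const uint8_t *p, size_t len, int hardened)
{
    enum verdict v = RX_DROPPED;
    if (len == 0)
        return v;
    if (++depth > max_depth)
        max_depth = depth;
    if (p[0] == T_UNICAST) {
        v = RX_DELIVERED;
    } else if (p[0] == T_UNICAST_FRAG) {
        const uint8_t *merged = p + 1;        /* reassembled payload */
        size_t mlen = len - 1;
        /* The fix: discard a merged packet that is still a fragment. */
        if (!(hardened && mlen > 0 && merged[0] == T_UNICAST_FRAG))
            v = rx(merged, mlen, hardened);
    }
    depth--;
    return v;
}

/* Deepest dispatcher re-entry reached while handling one received packet. */
static int rx_depth(const uint8_t *p, size_t len, int hardened)
{
    depth = max_depth = 0;
    last_verdict = rx(p, len, hardened);
    return max_depth;
}

int main(void)
{
    for (int h = 0; h <= 1; h++)
        printf("hardened=%d depth=%d\n", h, rx_depth(sample_nested, sizeof sample_nested, h));
    return 0;
}
```

Without the check, the re-entry depth tracks the nesting level chosen by the sender; with it, the nested packet is dropped at the first level while an ordinary fragment is still delivered.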
Affected Products
Linux