320 matches found
batman-adv: clear current gateway during teardown
...
batman-adv: dat: handle forward allocation error
...
batman-adv: fix tp_meter counter underflow during shutdown
...
batman-adv: tvlv: reject oversized TVLV packets
...
batman-adv: frag: disallow unicast fragment in fragment
...
batman-adv: tp_meter: avoid use of uninit sender vars
...
CVE-2026-52931
A flaw was found in the batman-adv tp_meter module of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted acknowledgment (ACK) packet to a node configured as a receiver in an ongoing tp_meter session. This could lead to the use of uninitialized sender...
CVE-2026-52914
A flaw was found in the Linux kernel's batman-adv component. This vulnerability allows a local attacker to cause a denial of service (DoS) by sending malformed fragment chains. The flaw is due to incorrect accounting of fragment reassembly length, which can be truncated during updates, bypassing...
CVE-2026-52934
A flaw was found in the Linux kernel's batman-adv (Better Approach To Mobile Ad-hoc Networking - Advanced) module. An integer overflow vulnerability in the TVLV (Type-Length-Value) packet processing can lead to an undersized memory allocation. This allows a subsequent operation to write beyond the...
CVE-2026-52922
A flaw was found in the Linux kernel's batman-adv (Better Approach To Mobile Ad-hoc Networking) module. This vulnerability occurs because the batadv_dat_forward_data function fails to validate the success of a memory allocation operation. An attacker could exploit this by triggering a scenario where t...
CVE-2026-52919
A flaw was found in the batman-adv module of the Linux kernel. During the shutdown process of the tp_meter sender, an atomic counter can underflow due to multiple decrements. This can cause the sender kernel thread to loop indefinitely, leading to a use-after-free vulnerability if the associated...
CVE-2026-52916
A flaw was found in the Linux kernel's batman-adv module. A remote attacker can exploit this vulnerability by sending specially crafted BATADV_UNICAST_FRAG packets, which are designed to contain other fragmented packets. This 'fragments in fragments' scenario causes the kernel to recursively proces...
CVE-2026-52931
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tp_meter: avoid use of uninit sender vars batadv_tp_recv_ack and batadv_tp_stop are only valid for tp_vars in the BATADV_TP_SENDER role. When called with a BATADV_TP_RECEIVER role, it proceeds to read sender-only members that we...
CVE-2026-52922
In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data calls pskb_copy_for_clone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr...
CVE-2026-52914
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
CVE-2026-52919
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tp_meter counter underflow during shutdown batadv_tp_sender_shutdown unconditionally decrements the "sending" atomic counter. If multiple paths (e.g. timeout, user cancel, and normal finish) call this function, the...
UBUNTU-CVE-2026-52922
In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data calls pskb_copy_for_clone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadv_send_skb_prepare_unicast_4addr...
UBUNTU-CVE-2026-52926
In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadv_gw_node_free removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...
UBUNTU-CVE-2026-52914
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
UBUNTU-CVE-2026-52931
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tp_meter: avoid use of uninit sender vars batadv_tp_recv_ack and batadv_tp_stop are only valid for tp_vars in the BATADV_TP_SENDER role. When called with a BATADV_TP_RECEIVER role, it proceeds to read sender-only members that we...