585 matches found
batman-adv: fix tp_meter counter underflow during shutdown
...
batman-adv: tp_meter: avoid use of uninit sender vars
...
CVE-2026-52931
A flaw was found in the batman-adv tpmeter module of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted acknowledgment ACK packet to a node configured as a receiver in an ongoing tpmeter session. This could lead to the use of uninitialized sender...
CVE-2026-52919
A flaw was found in the batman-adv module of the Linux kernel. During the shutdown process of the tpmeter sender, an atomic counter can underflow due to multiple decrements. This can cause the sender kernel thread to loop indefinitely, leading to a use-after-free vulnerability if the associated...
CVE-2026-52919
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the "sending" atomic counter. If multiple paths e.g. timeout, user cancel, and normal finish call this function, the...
UBUNTU-CVE-2026-52919
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the "sending" atomic counter. If multiple paths e.g. timeout, user cancel, and normal finish call this function, the...
CVE-2026-52931
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...
CVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender vars
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...
CVE-2026-52931
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...
EUVD-2026-38722
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the "sending" atomic counter. If multiple paths e.g. timeout, user cancel, and normal finish call this function, the...
CVE-2026-52919 batman-adv: fix tp_meter counter underflow during shutdown
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the "sending" atomic counter. If multiple paths e.g. timeout, user cancel, and normal finish call this function, the...
CVE-2026-52919
CVE-2026-52919 affects the batman-adv component in the Linux kernel. The root cause is an underflow of the atomic counter “sending” in batadv_tp_sender_shutdown(), which is decremented unconditionally and can become -1 when multiple code paths call it. A negative value causes the sender kthread t...
CVE-2026-52919
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tpmeter counter underflow during shutdown batadvtpsendershutdown unconditionally decrements the "sending" atomic counter. If multiple paths e.g. timeout, user cancel, and normal finish call this function, the...
PT-2026-51724
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the functions batadv tp recv ack and batadv tp stop incorrectly process tp vars when the role is set to BATADV TP RECEIVER. In this state,...
PT-2026-51712
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv tp sender shutdown function unconditionally decrements the sending atomic counter. If this function is called multiple times...
Linux Distros Unpatched Vulnerability : CVE-2026-52931
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a...
OpenMeter: SQL injection through meter creation
Summary An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
GHSA-WC3V-3457-C8CM OpenMeter: SQL injection through meter creation
Summary An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
PT-2026-46869
Summary An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
batman-adv: stop tp_meter sessions during mesh teardown
...