CVE-2026-52931

In the Linux kernel, the batman-adv TP meter logic could access sender-only fields when tp_vars had the BATADV_TP_RECEIVER role, causing undefined behavior. Specifically, batadv_tp_recv_ack() and batadv_tp_stop() are only valid for BATADV_TP_SENDER; if invoked while in the receiver role (e.g., wh...

EUVD-2026-38701

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...