NVD

CVE-2026-52914 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service. Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs. The fix was verified against the original reproducer and against valid fragment reassembly paths.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

Nist CVSS score does not match with CNA score

CNA: kernel.org

Base Score: 9.8 CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/37be61825b15534a16ff9cfc9546de155b6df982	kernel.org
https://git.kernel.org/stable/c/3eb8bcb823391bd58997831b3c9c152a4ba8e255	kernel.org
https://git.kernel.org/stable/c/975563c5de1123dde1ec7946bf5556d20c89d74e	kernel.org
https://git.kernel.org/stable/c/9cd3f16c320bfdadd4509358122368deb56a5741	kernel.org
https://git.kernel.org/stable/c/e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64	kernel.org
https://git.kernel.org/stable/c/e910dbf509125fe51ad68e4fa74dc8ab0a8e787a	kernel.org
https://git.kernel.org/stable/c/f653b040dad1af70fa5cd4fe085e4758925480c9	kernel.org
https://git.kernel.org/stable/c/fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

2 change records found show changes

New CVE Received from kernel.org 6/24/2026 4:16:21 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service. Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs. The fix was verified against the original reproducer and against valid fragment reassembly paths.
Added	Reference	https://git.kernel.org/stable/c/37be61825b15534a16ff9cfc9546de155b6df982
Added	Reference	https://git.kernel.org/stable/c/3eb8bcb823391bd58997831b3c9c152a4ba8e255
Added	Reference	https://git.kernel.org/stable/c/975563c5de1123dde1ec7946bf5556d20c89d74e
Added	Reference	https://git.kernel.org/stable/c/9cd3f16c320bfdadd4509358122368deb56a5741
Added	Reference	https://git.kernel.org/stable/c/e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64
Added	Reference	https://git.kernel.org/stable/c/e910dbf509125fe51ad68e4fa74dc8ab0a8e787a
Added	Reference	https://git.kernel.org/stable/c/f653b040dad1af70fa5cd4fe085e4758925480c9
Added	Reference	https://git.kernel.org/stable/c/fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0
Added	Affected	Record truncated, showing 2048 of 2523 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/fragmentation.c","net/batman-adv/types.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"37be61825b15534a16ff9cfc9546de155b6df982","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"975563c5de1123dde1ec7946bf5556d20c89d74e","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"f653b040dad1af70fa5cd4fe085e4758925480c9","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"e910dbf509125fe51ad68e4fa74dc8ab0a8e787a","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"3eb8bcb823391bd58997831b3c9c152a4ba8e255","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"9cd3f16c320bfdadd4509358122368deb56a5741","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/fragmentation.c","net/batman-adv/types.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"

Quick Info

CVE Dictionary Entry:
CVE-2026-52914
NVD Published Date:
06/24/2026
NVD Last Modified:
06/28/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-52914 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

CVE Modified by kernel.org 6/28/2026 4:16:23 AM

New CVE Received from kernel.org 6/24/2026 4:16:21 AM

Quick Info