CyberRota
← Ana sayfaya dön

CVE-2026-52916

MEDIUM · CVSS 5.5 EPSS %0.12

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-24T08:16:21.463 · Çekilme zamanı: 2026-07-15T12:03:18.324617+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-52916
Severity
MEDIUM
CVSS
5.5
EPSS
%0.12
Linux

Orijinal NVD Açıklaması

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a BATADV_UNICAST_FRAG packet is received. Once all fragments are collected and the packet is reassembled, batadv_recv_frag_packet() calls batadv_batman_skb_recv() again to process the defragmented payload. A malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled payload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting). Each nesting level recurses through batadv_batman_skb_recv() without bound, growing the kernel stack until it is exhausted. Since refragmentation or fragments in fragments are not actually allowed, discard all packets which are still BATADV_UNICAST_FRAG packets after the defragmentation process.