VYPR
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 26, 2026

CVE-2026-43382

CVE-2026-43382

Description

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: Avoid double-rtnl_lock ELP metric worker

batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock.

To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held.

But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called.

Affected products

12
  • Linux/Kernel9 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.4.291,<5.5
    • cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
  • Linux/batman-advllm-fuzzy

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.