GHSA-36QQ-553F-W4WW

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-26 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: Avoid double-rtnl_lock ELP metric worker

batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock.

To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held.

But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called.

Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2026-43382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:49Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Avoid double-rtnl_lock ELP metric worker\n\nbatadv_v_elp_get_throughput() might be called when the RTNL lock is already\nheld. This could be problematic when the work queue item is cancelled via\ncancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case,\nan rtnl_lock() would cause a deadlock.\n\nTo avoid this, rtnl_trylock() was used in this function to skip the\nretrieval of the ethtool information in case the RTNL lock was already\nheld.\n\nBut for cfg80211 interfaces, batadv_get_real_netdev() was called - which\nalso uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must\nalso be used instead and the lockless version __batadv_get_real_netdev()\nhas to be called.",
  "id": "GHSA-36qq-553f-w4ww",
  "modified": "2026-05-26T18:31:37Z",
  "published": "2026-05-08T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43382"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/192f40ad8a7dac58dae9199a065dbf7e6e67b75b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ab9f2531d37775cd79228c1f5d80e6bd08d11d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c3ae249431b4fcb315d7dfb4c3a13f9e443fd9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/77808fe7d03ad0062840b95f431869a8b3d88b24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7e5d8ddfdf1d6e9e0808d1adf7736a107372d77"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cfc83a3c71517b59c1047db57da31e26a9dc2f33"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3ca45673dab0514a887231de6f3243a699d5bfd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa7b4edfbabdf9235b0ab4bea297fc12b3bec9ca"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.