{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "33a3bb4a3345bb511f9c69c913da95d4693e2a4e"
            },
            {
              "fixed": "e75e2ab463b5b34df6b98f94d740aff327ce9f6b"
            },
            {
              "fixed": "abae88fa254f2981d39ac003a7b302528a22af64"
            },
            {
              "fixed": "c66d20a3ff095e3f000551d208ec2606616db15c"
            },
            {
              "fixed": "c1bac194733aabd731aafa6a01350c229e187dba"
            },
            {
              "fixed": "01cefc5923889e29dbb5f281c3d457714ceb9c00"
            },
            {
              "fixed": "90ae3eae06b7b8ab9f6250b9497c860915b4c17b"
            },
            {
              "fixed": "aeae11c5dad9cd0d50723890bdd866f8e6db2e7d"
            },
            {
              "fixed": "94f3b133168d1c49895e7cc6afbcf1cc0b354602"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.8.0"
            },
            {
              "fixed": "5.10.258"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.209"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.175"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.142"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.92"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.34"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52919.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix tp_meter counter underflow during shutdown\n\nbatadv_tp_sender_shutdown() unconditionally decrements the \"sending\"\natomic counter. If multiple paths (e.g. timeout, user cancel, and\nnormal finish) call this function, the counter can underflow to -1.\n\nSince the sender logic treats any non-zero value as \"still sending\",\na negative value causes the sender kthread to loop indefinitely.\nThis leads to a use-after-free when the interface is removed while\nthe zombie thread is still active.\n\nFix this by using atomic_xchg() to ensure the counter only transitions\nfrom 1 to 0 once.\n\n[sven: added missing change in batadv_tp_send]",
  "id": "CVE-2026-52919",
  "modified": "2026-07-10T03:54:25.563518587Z",
  "published": "2026-06-24T07:14:15.201Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01cefc5923889e29dbb5f281c3d457714ceb9c00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/90ae3eae06b7b8ab9f6250b9497c860915b4c17b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/94f3b133168d1c49895e7cc6afbcf1cc0b354602"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abae88fa254f2981d39ac003a7b302528a22af64"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aeae11c5dad9cd0d50723890bdd866f8e6db2e7d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c1bac194733aabd731aafa6a01350c229e187dba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c66d20a3ff095e3f000551d208ec2606616db15c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e75e2ab463b5b34df6b98f94d740aff327ce9f6b"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52919.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52919"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "batman-adv: fix tp_meter counter underflow during shutdown"
}