CVE-2026-52983
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
In the Linux kernel, a vulnerability in the airoha network driver causes a BQL (Byte Queue Limits) imbalance in the TX path. The issue arises from incorrect TX queue indexing, where inflight packets are accounted only for a subset of queues while completions are accounted for all queues.
Risk Assessment
BQL imbalance can lead to inefficient TX queue management, potentially causing network performance degradation or system instability.
Recommendation
Immediately update the Linux kernel to a version containing the fix for CVE-2026-52983. Monitor for the patch from your system distributor.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix BQL imbalance in TX path Fix a possible BQL imbalance in airoha_dev_xmit(), where inflight packets are accounted only for the AIROHA_NUM_TX_RING netdev TX queues. The queue index is computed as: qid = skb_get_queue_mapping(skb) % ARRAY_SIZE(qdma->q_tx) txq = netdev_get_tx_queue(dev, qid); However, airoha_qdma_tx_napi_poll() accounts completions across all netdev TX queues (num_tx_queues), leading to inconsistent BQL accounting. Also reset all netdev TX queues in the ndo_stop callback.

