CVE Catalog

CVE-2026-53299

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the airoha network driver. Early initialization of the ndesc variable in airoha_qdma_init_tx_queue() causes a NULL pointer dereference in airoha_qdma_cleanup_tx_queue() when queue entry list allocation fails.

Risk Assessment

The vulnerability can cause a system crash (kernel panic) due to NULL pointer dereference, posing a risk of service disruption on the server.

Recommendation

Update the Linux kernel to a version containing the fix that moves ndesc initialization to the end of airoha_qdma_init_tx().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx() If queue entry list allocation fails in airoha_qdma_init_tx_queue routine, airoha_qdma_cleanup_tx_queue() will trigger a NULL pointer dereference accessing the queue entry array. The issue is due to the early ndesc initialization in airoha_qdma_init_tx_queue(). Fix the issue moving ndesc initialization at end of airoha_qdma_init_tx routine.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS