Null Pointer Dereference Vulnerability in Airoha Driver of Linux Kernel
CVE-2026-53298

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-53298?

The Airoha network driver in the Linux Kernel is susceptible to a NULL pointer dereference issue due to improper initialization during the process of setting up receive queues. When queue entry or DMA descriptor list allocation fails in the airoha_qdma_init_rx_queue function, this results in a null pointer dereference during cleanup if the initialization steps are not properly executed. The vulnerability stems from the early initialization of descriptor values, which can lead to instability and unexpected application behavior if not resolved. Moving the descriptor initialization to the end of the transmission queue initialization greatly mitigates the risk of such failures, ensuring more robust operations and preventing potential memory leaks during allocation failures.

Affected Version(s)

Linux 23020f04932701d5c8363e60756f12b43b8ed752

Linux 23020f04932701d5c8363e60756f12b43b8ed752 < 4d4acfa348a1d8c0941004823662ede0fdb5dea5

Linux 23020f04932701d5c8363e60756f12b43b8ed752 < 14dc48e5ba73d5c69559bf1a1a6884f7843aade7

References

https://git.kernel.org/stable/c/d36be272adda7f313e39dd118...

https://git.kernel.org/stable/c/4d4acfa348a1d8c0941004823...

https://git.kernel.org/stable/c/14dc48e5ba73d5c69559bf1a1...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53298 Data

JSON