NULL Pointer Dereference Vulnerability in Linux Kernel Airoha Driver
CVE-2026-53299

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-53299?

A vulnerability exists in the Linux kernel's airoha driver due to incorrect initialization of the ndesc variable. This flaw can result in a NULL pointer dereference when the queue entry list allocation fails during the airoha_qdma_init_tx_queue routine. The affected code requires the ndesc initialization to be moved to the end of the airoha_qdma_init_tx routine to prevent potential crashes and enhance system reliability.

Affected Version(s)

Linux ad02cb61c52cae5afa3e2de6adbb49ad884c26e9 < 90619fdedfb9cc8a80f217d882ee7a84d3703e72

Linux 3f47e67dff1f7266e112c50313d63824f6f17102

References

https://git.kernel.org/stable/c/90619fdedfb9cc8a80f217d88...

https://git.kernel.org/stable/c/ece31f9dae0c3cd3277e66667...

https://git.kernel.org/stable/c/f329924bb49458c65297f1361...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53299 Data

JSON