In the Linux kernel, the following vulnerability has been resolved:

net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()

If queue entry or DMA descriptor list allocation fails in
airoha_qdma_init_rx_queue routine, airoha_qdma_cleanup() will trigger a
NULL pointer dereference running netif_napi_del() for RX queue NAPIs
since netif_napi_add() has never been executed to this particular RX NAPI.
The issue is due to the early ndesc initialization in
airoha_qdma_init_rx_queue() since airoha_qdma_cleanup() relies on ndesc
value to check if the queue is properly initialized. Fix the issue moving
ndesc initialization at end of airoha_qdma_init_tx routine.
Move page_pool allocation after descriptor list allocation in order to
avoid memory leaks if desc allocation fails.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
23020f04932701d5c8363e60756f12b43b8ed752 affected < d36be272adda7f313e39dd118086955d993bf6a7
23020f04932701d5c8363e60756f12b43b8ed752 affected < 4d4acfa348a1d8c0941004823662ede0fdb5dea5
23020f04932701d5c8363e60756f12b43b8ed752 affected < 14dc48e5ba73d5c69559bf1a1a6884f7843aade7
23020f04932701d5c8363e60756f12b43b8ed752 affected < 379050947a1828826ad7ea50c95245a56929b35a
Linux Linux affected
Version Status Constraints
6.11 affected
0 unaffected < 6.11
6.12.91 unaffected ≤ 6.12.*
6.18.33 unaffected ≤ 6.18.*
7.0.10 unaffected ≤ 7.0.*
7.1 unaffected ≤ *

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/14dc48e5ba73d5c69559bf1a1a6884f7843aade7 cve-icon
https://git.kernel.org/stable/c/379050947a1828826ad7ea50c95245a56929b35a cve-icon
https://git.kernel.org/stable/c/4d4acfa348a1d8c0941004823662ede0fdb5dea5 cve-icon
https://git.kernel.org/stable/c/d36be272adda7f313e39dd118086955d993bf6a7 cve-icon
History

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue() If queue entry or DMA descriptor list allocation fails in airoha_qdma_init_rx_queue routine, airoha_qdma_cleanup() will trigger a NULL pointer dereference running netif_napi_del() for RX queue NAPIs since netif_napi_add() has never been executed to this particular RX NAPI. The issue is due to the early ndesc initialization in airoha_qdma_init_rx_queue() since airoha_qdma_cleanup() relies on ndesc value to check if the queue is properly initialized. Fix the issue moving ndesc initialization at end of airoha_qdma_init_tx routine. Move page_pool allocation after descriptor list allocation in order to avoid memory leaks if desc allocation fails.
Title net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:55.867Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53298

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.