Skip to main content

Linux Kernel CVE-2026-52983

| EUVDEUVD-2026-38851 HIGH
2026-06-24 Linux GHSA-mvhp-248j-7g76
7.5
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
2.5 LOW

Bug triggers on-device via specific queue-mapping conditions (AV:L/AC:H), needs local operational access to drive traffic (PR:L), and yields transient TX-stall availability loss only (A:L, C/I:N).

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 08:41 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.5 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:28 cve.org
HIGH 7.5
CVE Published
Jun 24, 2026 - 16:28 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: airoha: fix BQL imbalance in TX path

Fix a possible BQL imbalance in airoha_dev_xmit(), where inflight packets are accounted only for the AIROHA_NUM_TX_RING netdev TX queues. The queue index is computed as:

qid = skb_get_queue_mapping(skb) % ARRAY_SIZE(qdma->q_tx) txq = netdev_get_tx_queue(dev, qid);

However, airoha_qdma_tx_napi_poll() accounts completions across all netdev TX queues (num_tx_queues), leading to inconsistent BQL accounting.

Also reset all netdev TX queues in the ndo_stop callback.

AnalysisAI

Denial-of-service (TX queue stall) in the Linux kernel's Airoha QDMA Ethernet driver affects systems running on Airoha/MediaTek SoCs where airoha_dev_xmit() accounts inflight packets only across AIROHA_NUM_TX_RING queues while the NAPI completion path settles all netdev TX queues, corrupting Byte Queue Limits (BQL) state. The mismatch can wedge transmit queues and degrade or halt network throughput on the device. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Airoha-driven interface with traffic
Delivery
Spread packets across netdev TX queues
Exploit
Diverge BQL enqueue vs completion accounting
Execution
Stall transmit queue(s)
Impact
Degrade or halt outbound network (DoS)

Vulnerability AssessmentAI

Exploitation Requires the target to be running the Linux airoha_eth driver - i.e., an Airoha/MediaTek SoC with the QDMA Ethernet hardware - on a vulnerable kernel; the bug only manifests when traffic is distributed such that skb queue_mapping selects netdev TX queues beyond the AIROHA_NUM_TX_RING hardware rings, creating the enqueue/completion BQL accounting mismatch. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals conflict and should be read with caution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario On a device using the Airoha Ethernet driver, sustained or specifically patterned TX traffic causes BQL in-flight counters to drift out of sync between the enqueue and completion paths, eventually stalling one or more transmit queues and degrading or halting outbound networking until the interface is reset. No public exploit code exists, and given AC and the on-device nature of the trigger, this is more likely to manifest as a reliability failure than a deliberately driven attack.
Remediation Upstream fix available (commits, not a single vendor release tag): apply the stable kernel update containing commits aaad53a55812acd2355c0e5478896381e78b0110, 2d9f5a118205da2683ffcec78b9347f1f01a820e, or ded2694247a55a16d0ebbe2d6f9139305c21457a (https://git.kernel.org/stable/c/aaad53a55812acd2355c0e5478896381e78b0110, https://git.kernel.org/stable/c/2d9f5a118205da2683ffcec78b9347f1f01a820e, https://git.kernel.org/stable/c/ded2694247a55a16d0ebbe2d6f9139305c21457a); per the source feed this corresponds to stable releases such as 6.18.33/7.0.10/7.1 - confirm the exact tag for your tree before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify systems running Airoha/MediaTek SoCs with vulnerable driver versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52983 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy