Skip to main content

Linux Kernel CVE-2026-53299

| EUVDEUVD-2026-39834 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-26 Linux GHSA-cpq4-x345-qfwq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only driver bug triggered by allocation failure; PR:L as standard user can influence memory pressure; pure availability impact, no data exposure or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 03:54 vuln.today
CVSS changed
Jul 08, 2026 - 03:52 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:40 nvd
MEDIUM 5.5
CVE Published
Jun 26, 2026 - 19:40 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()

If queue entry list allocation fails in airoha_qdma_init_tx_queue routine, airoha_qdma_cleanup_tx_queue() will trigger a NULL pointer dereference accessing the queue entry array. The issue is due to the early ndesc initialization in airoha_qdma_init_tx_queue(). Fix the issue moving ndesc initialization at end of airoha_qdma_init_tx routine.

AnalysisAI

NULL pointer dereference in the Linux kernel's Airoha QDMA network driver causes a kernel panic (denial of service) when queue entry list allocation fails during TX queue initialization. Systems running Airoha-based network hardware on affected kernel versions - including Linux 6.19 - are vulnerable when the driver's cleanup path dereferences an uninitialized descriptor array pointer. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local access with standard privileges
Delivery
Load or trigger reload of Airoha QDMA driver
Exploit
Induce memory allocation failure during TX queue init
Execution
Cleanup path dereferences NULL entry array pointer
Persist
Kernel NULL pointer dereference panic
Impact
System crashes (denial of service)

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) local access to the target system with at minimum low user privileges (CVSS PR:L); (2) the target system must be running hardware supported by the Airoha QDMA kernel driver (Airoha EN7500-series SoC or compatible); (3) the vulnerable kernel version must be in use (Linux 6.19 or versions within the identified commit range); (4) the vulnerability is triggered during TX queue initialization failure, which requires a condition such as memory allocation failure. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is low despite an A:H availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with standard (non-root) privileges on a system using Airoha network hardware triggers a memory allocation failure during driver TX queue initialization - for example by exhausting available memory - causing `airoha_qdma_cleanup_tx_queue()` to dereference a NULL entry array pointer and crash the kernel. The result is an unplanned system reboot or panic, constituting a local denial of service. …
Remediation The primary fix is to update the Linux kernel to version 7.0.10 or 7.1, which include the corrected `ndesc` initialization sequencing. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53299 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy