Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local-only driver bug triggered by allocation failure; PR:L as standard user can influence memory pressure; pure availability impact, no data exposure or integrity effect.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()
If queue entry list allocation fails in airoha_qdma_init_tx_queue routine, airoha_qdma_cleanup_tx_queue() will trigger a NULL pointer dereference accessing the queue entry array. The issue is due to the early ndesc initialization in airoha_qdma_init_tx_queue(). Fix the issue moving ndesc initialization at end of airoha_qdma_init_tx routine.
AnalysisAI
NULL pointer dereference in the Linux kernel's Airoha QDMA network driver causes a kernel panic (denial of service) when queue entry list allocation fails during TX queue initialization. Systems running Airoha-based network hardware on affected kernel versions - including Linux 6.19 - are vulnerable when the driver's cleanup path dereferences an uninitialized descriptor array pointer. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) local access to the target system with at minimum low user privileges (CVSS PR:L); (2) the target system must be running hardware supported by the Airoha QDMA kernel driver (Airoha EN7500-series SoC or compatible); (3) the vulnerable kernel version must be in use (Linux 6.19 or versions within the identified commit range); (4) the vulnerability is triggered during TX queue initialization failure, which requires a condition such as memory allocation failure. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is low despite an A:H availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with standard (non-root) privileges on a system using Airoha network hardware triggers a memory allocation failure during driver TX queue initialization - for example by exhausting available memory - causing `airoha_qdma_cleanup_tx_queue()` to dereference a NULL entry array pointer and crash the kernel. The result is an unplanned system reboot or panic, constituting a local denial of service. … |
| Remediation | The primary fix is to update the Linux kernel to version 7.0.10 or 7.1, which include the corrected `ndesc` initialization sequencing. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39834
GHSA-cpq4-x345-qfwq