CVE-2026-53298

Source
https://cve.org/CVERecord?id=CVE-2026-53298
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53298.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53298
Downstream
Published
2026-06-26T19:40:55.867Z
Modified
2026-07-09T03:51:44.183640279Z
Summary
net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue()

If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup() will trigger a NULL pointer dereference running netifnapidel() for RX queue NAPIs since netifnapiadd() has never been executed to this particular RX NAPI. The issue is due to the early ndesc initialization in airohaqdmainitrxqueue() since airohaqdmacleanup() relies on ndesc value to check if the queue is properly initialized. Fix the issue moving ndesc initialization at end of airohaqdmainittx routine. Move pagepool allocation after descriptor list allocation in order to avoid memory leaks if desc allocation fails.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53298.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
23020f04932701d5c8363e60756f12b43b8ed752
Fixed
d36be272adda7f313e39dd118086955d993bf6a7
Fixed
4d4acfa348a1d8c0941004823662ede0fdb5dea5
Fixed
14dc48e5ba73d5c69559bf1a1a6884f7843aade7
Fixed
379050947a1828826ad7ea50c95245a56929b35a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53298.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53298.json"