CVE-2026-53338
Received Received - Intake

NULL Pointer Dereference in Linux Kernel Airoha QDMA Driver

Vulnerability report for CVE-2026-53338, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues() of_reserved_mem_lookup() may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table (e.g. due to a misconfigured DTS or a removed memory-region node). The current code dereferences the returned pointer without checking for NULL, leading to a kernel NULL pointer dereference at the following lines: dma_addr = rmem->base; // line 1156 num_desc = div_u64(rmem->size, buf_size); // line 1160 Add a NULL check after of_reserved_mem_lookup() and return -ENODEV if the lookup fails, which is consistent with the existing error handling for of_parse_phandle() failure in the same code block.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's airoha network driver code. The function of_reserved_mem_lookup() is called to find a reserved memory region, but it may return NULL if the referenced memory region is not found due to misconfiguration or removal.

The code did not check if the returned pointer was NULL before dereferencing it, which leads to a kernel NULL pointer dereference error. This can cause the kernel to crash or behave unpredictably.

The fix involved adding a NULL check after the call to of_reserved_mem_lookup() and returning an error code (-ENODEV) if the lookup fails, preventing the NULL pointer dereference.

Impact Analysis

This vulnerability can cause the Linux kernel to dereference a NULL pointer, which typically results in a kernel crash or system instability.

Such crashes can lead to denial of service (DoS) conditions, where the affected system becomes unresponsive or requires a reboot.

Mitigation Strategies

The vulnerability is caused by a NULL pointer dereference in the Linux kernel's airoha driver due to missing NULL checks after of_reserved_mem_lookup().

To mitigate this vulnerability, update your Linux kernel to a version where this issue is fixed by adding the NULL check and returning -ENODEV if the lookup fails.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53338. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart