7 matches found
UBUNTU-CVE-2026-53338
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...
SUSE CVE-2026-53299
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainittx If queue entry list allocation fails in airohaqdmainittxqueue routine, airohaqdmacleanuptxqueue will trigger a NULL pointer dereference accessing the queue entry...
CVE-2026-53298
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...
EUVD-2026-39833
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...
PT-2026-52938
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the airoha qdma cleanup tx queue function when the queue entry list allocation fails within the airoha qdma init tx queue routine. This is caused by...
CVE-2026-53248
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadata dst teardown airohametadatadstfree runs metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...
CVE-2025-38536
In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airohanpuget np-name was being used after calling ofnodeputnp, which releases the node and can lead to a use-after-free bug. Previously, ofnodeputnp was called unconditionally after...