CVE & CISA-KEV Catalog

CVE-2026-53298

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue() If queue entry or DMA descriptor list allocation fails in airoha_qdma_init_rx_queue routine, airoha_qdma_cleanup() will trigger a NULL pointer dereference running netif_napi_del() for RX queue NAPIs since netif_napi_add() has never been executed to this particular RX NAPI. The issue is due to the early ndesc initialization in airoha_qdma_init_rx_queue() since airoha_qdma_cleanup() relies on ndesc value to check if the queue is properly initialized. Fix the issue moving ndesc initialization at end of airoha_qdma_init_tx routine. Move page_pool allocation after descriptor list allocation in order to avoid memory leaks if desc allocation fails.

How to fix

Remediation Available
linuxDebian
Fixed in:6.12.94-1CVE-2026-53298
Fixed in:7.0.10-1CVE-2026-53298

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.17%probability of exploitation in 30 days
6thpercentile

Low risk: more likely to be exploited than 6% of all known CVEs.

References

Embed a live status badge for CVE-2026-53298
CVE-2026-53298 severity badge

Markdown

[![CVE-2026-53298](https://tridentstack.com/cve/badge/CVE-2026-53298.svg)](https://tridentstack.com/cve/CVE-2026-53298)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-53298"><img src="https://tridentstack.com/cve/badge/CVE-2026-53298.svg" alt="CVE-2026-53298"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-30.