Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53338— net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()

AI Predicted 5.5 Difficulty: Trivial

Possible ATT&CK Techniques 1AI

T1499 · Endpoint Denial of Service
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53338

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues() of_reserved_mem_lookup() may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table (e.g. due to a misconfigured DTS or a removed memory-region node). The current code dereferences the returned pointer without checking for NULL, leading to a kernel NULL pointer dereference at the following lines: dma_addr = rmem->base; // line 1156 num_desc = div_u64(rmem->size, buf_size); // line 1160 Add a NULL check after of_reserved_mem_lookup() and return -ENODEV if the lookup fails, which is consistent with the existing error handling for of_parse_phandle() failure in the same code block.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 3a1ce9e3d01bbf3912c3e3f81cb554d558eb715b ~ 01f7d4b504580664d36faea5671cde5e3f0d8a5b -
LinuxLinux 6.16 -

II. Public POCs for CVE-2026-53338

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53338

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53338 (3)

Same Patch Batch · Linux · 2026-07-01 · 31 CVEs total

CVE-2026-53342arm64: mm: call pagetable dtor when freeing hot-removed page tables
CVE-2026-53326debugobjects: Don't call fill_pool() in early boot hardirq context
CVE-2026-53327debugobjects: Do not fill_pool() if pi_blocked_on
CVE-2026-53328sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
CVE-2026-53329drm/amd/display: Use krealloc_array() in dal_vector_reserve()
CVE-2026-53330drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()
CVE-2026-53331slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock
CVE-2026-53332slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
CVE-2026-53334mm/damon/reclaim: handle ctx allocation failure
CVE-2026-53333mm/mincore: handle non-swap entries before !CONFIG_SWAP guard
CVE-2026-53335mm/damon/lru_sort: handle ctx allocation failure
CVE-2026-53336nvmem: layouts: onie-tlv: fix hang on unknown types
CVE-2026-53337net: bonding: fix NULL pointer dereference in bond_do_ioctl()
CVE-2026-53340i2c: imx: fix clock and pinctrl state inconsistency in runtime PM
CVE-2026-53339i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()
CVE-2026-53356drm/i915/gem: Fix phys BO pread/pwrite with offset
CVE-2026-53341fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()
CVE-2026-53343ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
CVE-2026-53344pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init
CVE-2026-53345KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying

Showing top 20 of 31 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53338

No comments yet


Leave a comment