Bug 2495931 (CVE-2026-53338) - CVE-2026-53338 kernel: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
Summary: CVE-2026-53338 kernel: net: airoha: Add NULL check for of_reserved_mem_lookup...
Keywords:
Status: NEW
Alias: CVE-2026-53338
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-01 14:01 UTC by OSIDB Bzimport
Modified: 2026-07-01 19:04 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-01 14:01:43 UTC
In the Linux kernel, the following vulnerability has been resolved:

net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()

of_reserved_mem_lookup() may return NULL if the reserved memory region
referenced by the "memory-region" phandle is not found in the reserved
memory table (e.g. due to a misconfigured DTS or a removed
memory-region node).  The current code dereferences the returned
pointer without checking for NULL, leading to a kernel NULL pointer
dereference at the following lines:

    dma_addr = rmem->base;                          // line 1156
    num_desc = div_u64(rmem->size, buf_size);       // line 1160

Add a NULL check after of_reserved_mem_lookup() and return -ENODEV if
the lookup fails, which is consistent with the existing error handling
for of_parse_phandle() failure in the same code block.

Comment 1 Mauro Matteo Cascella 2026-07-01 18:57:12 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026070144-CVE-2026-53338-59eb@gregkh/T


Note You need to log in before you can comment on or make changes to this bug.