Impact
In the Linux kernel, the airoha network driver incorrectly accounts inflight packets by counting only certain transmit queues while using completions from all queues, leading to a Buffer Queue Limit (BQL) imbalance. This flaw can cause the driver to throttle traffic improperly, resulting in packet loss, reduced throughput, and potentially a denial of service on the affected interface. The vulnerability is a logic error in resource accounting rather than an execution or authentication issue.
Affected Systems
The vulnerability impacts the Linux kernel on any system utilizing the airoha driver. No specific version information is listed in the CNA data, implying that any kernel revision prior to the inclusion of the listed patches may be affected.
Risk and Exploitability
The EPSS score of < 1% indicates a very low probability of exploitation and is less than 1%. The vulnerability is not listed in CISA's KEV catalog. No public exploit is documented. The CVSS score of 7.5 indicates high severity, reflecting the potential for serious performance degradation and denial of service. The risk remains moderate due to the low exploitation probability. The likely attack vector, based on the description, involves an attacker who can direct traffic to the affected network device (e.g., by sending a high volume of packets that trigger the BQL with network access to the interface).
OpenCVE Enrichment