Description
In the Linux kernel, the following vulnerability has been resolved:

net: airoha: fix BQL imbalance in TX path

Fix a possible BQL imbalance in airoha_dev_xmit(), where inflight
packets are accounted only for the AIROHA_NUM_TX_RING netdev TX
queues. The queue index is computed as:

qid = skb_get_queue_mapping(skb) % ARRAY_SIZE(qdma->q_tx)
txq = netdev_get_tx_queue(dev, qid);

However, airoha_qdma_tx_napi_poll() accounts completions across all
netdev TX queues (num_tx_queues), leading to inconsistent BQL
accounting.

Also reset all netdev TX queues in the ndo_stop callback.
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the airoha network driver incorrectly accounts inflight packets by counting only certain transmit queues while using completions from all queues, leading to a Buffer Queue Limit (BQL) imbalance. This flaw can cause the driver to throttle traffic improperly, resulting in packet loss, reduced throughput, and potentially a denial of service on the affected interface. The vulnerability is a logic error in resource accounting rather than an execution or authentication issue.

Affected Systems

The vulnerability impacts the Linux kernel on any system utilizing the airoha driver. No specific version information is listed in the CNA data, implying that any kernel revision prior to the inclusion of the listed patches may be affected.

Risk and Exploitability

The EPSS score of < 1% indicates a very low probability of exploitation and is less than 1%. The vulnerability is not listed in CISA's KEV catalog. No public exploit is documented. The CVSS score of 7.5 indicates high severity, reflecting the potential for serious performance degradation and denial of service. The risk remains moderate due to the low exploitation probability. The likely attack vector, based on the description, involves an attacker who can direct traffic to the affected network device (e.g., by sending a high volume of packets that trigger the BQL with network access to the interface).

Generated by OpenCVE AI on June 28, 2026 at 13:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel fixes from the commits cited in the references (e.g., 2d9f5a118205da2683ffcec78b9347f1f01a820e, aaad53a55812acd2355c0e78b0110, ded2694247a55a16d0ebbe2d6f9139305c21457a) and rebuild the kernel.
  • If an immediate kernel upgrade is not possible, temporarily dismantle and reinitialize the affected network device (run `ifdown`/`ifup` or restart the interface) to reset all TX queues and restore balanced BQL accounting until the patches are available.
  • Monitor the network interface for packet loss or throughput anomalies after the reset to ensure BQL accounting is functioning correctly.

Generated by OpenCVE AI on June 28, 2026 at 13:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 26 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix BQL imbalance in TX path Fix a possible BQL imbalance in airoha_dev_xmit(), where inflight packets are accounted only for the AIROHA_NUM_TX_RING netdev TX queues. The queue index is computed as: qid = skb_get_queue_mapping(skb) % ARRAY_SIZE(qdma->q_tx) txq = netdev_get_tx_queue(dev, qid); However, airoha_qdma_tx_napi_poll() accounts completions across all netdev TX queues (num_tx_queues), leading to inconsistent BQL accounting. Also reset all netdev TX queues in the ndo_stop callback.
Title net: airoha: fix BQL imbalance in TX path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:37:37.031Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52983

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52983 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T13:15:16Z

Weaknesses
  • CWE-821

    Incorrect Synchronization