Impact
A null pointer dereference in the Airoha QDMA driver occurs when the driver attempts to access a reserved memory region that is not present in the device tree. The missing region causes of_reserved_mem_lookup() to return NULL, which is then dereferenced, leading to a kernel panic that brings the entire system down. This flaw directly results in a denial of service and has no known path for arbitrary code execution.
Affected Systems
The flaw resides in the Linux kernel’s airoha network driver and therefore affects all Linux distributions that ship the affected driver and have not applied the patch commit. The issue is not limited to a specific vendor or distribution; any system using a kernel version prior to the NULL‑check fix and containing an Airoha network device is vulnerable. If the device tree for the Airoha NIC references a memory-region node that does not exist in the reserved‑memory table, the system is susceptible.
Risk and Exploitability
The CVSS score is not publicly listed and the EPSS score is unavailable, but the nature of a kernel null‑pointer dereference implies a high severity. An attacker would need local or privileged access to manipulate or remove the memory‑region reference in the device tree, or delay the system’s access to the reserved region. While the vulnerability cannot be directly leveraged for code execution, it can cause repeated crashes, making it a serious availability threat. The vulnerability is not yet listed in the CISA KEV catalog, indicating no confirmed exploit in the wild.
OpenCVE Enrichment