Description
In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix racing timeout handler

The bcmgenet_timeout handler tries to take down all tx queues when
a single queue times out. This is over zealous and causes many race
conditions with queues that are still chugging along. Instead lets
only restart the timed out queue.
Published: 2026-06-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bcmgenet_timeout handler in the Linux kernel's bcmgenet driver previously shut down all transmit queues when any single queue timed out, an over‑aggressive action that creates race conditions while other queues still operate. Based on the description, it is inferred that this flaw can lead to unexpected packet drops, degraded network performance, and intermittent loss of connectivity for the affected interface. The patch the timed‑out queue, reducing the risk of widespread disruption.

Affected Systems

The vulnerability applies to any Linux kernel that includes the bcmgenet network driver. The input does not specify a particular vendor for this driver, so the device may be supplied by multiple manufacturers. No exact version range is listed, so all kernels running the bcmgenet driver before the commit that adds the fix are considered at risk until updated.

Risk and Exploitability

The weakness is an internal race condition that could cause service interruption but does not enable privilege escalation or remote code execution. The CVSS score is 9.8, and the EPSS score is less than 1 %. The vulnerability is not listed in CISA KEV. No exploitation evidence or reports of remote or local use are documented. With a CVSS of 9.8 the vulnerability is classified as critical, yet its likelihood of exploitation remains low due to the very small EPSS score. Nonetheless, applying the patch is strongly recommended to prevent possible network disruption.

Generated by OpenCVE AI on June 28, 2026 at 14:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the bcmgenet_timeout handler fix, which can be obtained from the latest stable kernel release or by applying the relevant patch from the kernel source repository.
  • Reboot the system to load the updated kernel.
  • Monitor the affected network interfaces for stable throughput and confirm that timeout events only trigger a restart of the specific timed‑out queue, not all queues.

Generated by OpenCVE AI on June 28, 2026 at 14:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Sat, 27 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-363

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-366
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-363

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenet_timeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along. Instead lets only restart the timed out queue.
Title net: bcmgenet: fix racing timeout handler
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:39:08.441Z

Reserved: 2026-06-09T07:44:35.384Z

Link: CVE-2026-53086

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53086 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:30:07Z

Weaknesses
  • CWE-366

    Race Condition within a Thread