Impact
The bcmgenet_timeout handler in the Linux kernel's bcmgenet driver previously shut down all transmit queues when any single queue timed out, an over‑aggressive action that creates race conditions while other queues still operate. Based on the description, it is inferred that this flaw can lead to unexpected packet drops, degraded network performance, and intermittent loss of connectivity for the affected interface. The patch the timed‑out queue, reducing the risk of widespread disruption.
Affected Systems
The vulnerability applies to any Linux kernel that includes the bcmgenet network driver. The input does not specify a particular vendor for this driver, so the device may be supplied by multiple manufacturers. No exact version range is listed, so all kernels running the bcmgenet driver before the commit that adds the fix are considered at risk until updated.
Risk and Exploitability
The weakness is an internal race condition that could cause service interruption but does not enable privilege escalation or remote code execution. The CVSS score is 9.8, and the EPSS score is less than 1 %. The vulnerability is not listed in CISA KEV. No exploitation evidence or reports of remote or local use are documented. With a CVSS of 9.8 the vulnerability is classified as critical, yet its likelihood of exploitation remains low due to the very small EPSS score. Nonetheless, applying the patch is strongly recommended to prevent possible network disruption.
OpenCVE Enrichment
Debian DLA