Description
In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix leaking free_bds

While reclaiming the tx queue we fast forward the write pointer to
drop any data in flight. These dropped frames are not added back
to the pool of free bds. We also need to tell the netdev that we
are dropping said data.
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel bcmgenet driver causes dropped transmit frames to be omitted from the free buffer descriptor pool during queue reclamation, leaking descriptors and gradually exhausting available resources. This leads to a loss of network transmission capability and can ultimately interrupt host connectivity, representing a resource‑exhaustion denial‑of‑service vulnerability (CWE‑772).

Affected Systems

Linux kernel builds that include the bcmgenet driver and have not applied the commits referenced in the advisory are affected. This encompasses any kernel version where bcmgenet was compiled prior to the application of the fix, regardless of vendor or specific distribution.

Risk and Exploitability

The CVSS score is 7.5, indicating high severity, and the EPSS score is less than 1 %, suggesting a low likelihood of exploitation. The vulnerability is not present in CISA’s KEV catalog. Based on the description, the likely attack vector is local, requiring privileged access to interact with the network driver or to generate high traffic volumes to trigger the descriptor leak. No known exploits exist, but the potential for service disruption warrants immediate attention.

Generated by OpenCVE AI on June 28, 2026 at 14:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes commit 150d06aa and the related patch series, ensuring the bcmgenet driver correctly recycles dropped frames.
  • If a kernel upgrade is not feasible, disable the bcmgenet network interfaces or replace them with a non‑vulnerable driver to prevent the defect from being exercised.
  • Monitor network performance and system logs for signs of buffer descriptor exhaustion, such as reduced transmit throughput or increased error counts, and take corrective action before an outage.

Generated by OpenCVE AI on June 28, 2026 at 14:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 26 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 26 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking free_bds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that we are dropping said data.
Title net: bcmgenet: fix leaking free_bds
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:39:09.752Z

Reserved: 2026-06-09T07:44:35.384Z

Link: CVE-2026-53087

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53087 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:30:07Z

Weaknesses
  • CWE-772

    Missing Release of Resource after Effective Lifetime