CVE-2026-53087 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix leaking free_bds

While reclaiming the tx queue we fast forward the write pointer to
drop any data in flight. These dropped frames are not added back
to the pool of free bds. We also need to tell the netdev that we
are dropping said data.

Published: 2026-06-24

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A bug in the Linux kernel bcmgenet driver caused the driver to omit returning dropped transmit frames to the free buffer descriptor pool during queue reclaim. As a result, buffer descriptors are leaked and the pool gradually empties, leading to a loss of network transmit capability and eventual service interruption for the host. The weakness is a resource exhaustion flaw, as evidenced by the commit that restores the descriptors to the free pool.

Affected Systems

All Linux kernel builds that include the bcmgenet driver without the commit identified by the referenced series are affected. This includes broadcom Ethernet hardware using the bcmgenet module in any kernel version prior to the application of the patch. The exact version range is not listed, but all kernels that compiled bcmgenet before the history commits are susceptible.

Risk and Exploitability

The vulnerability has no defined CVSS or EPSS score, and it is not listed in the CISA KEV catalog. The most likely attack vector is local: a process or user with kernel module interaction privileges could generate high levels of traffic to trigger the descriptor leak, leading to a local denial‑of‑service. No documented exploits are known, but the potential for resource exhaustion makes the issue serious if exploited.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`6a84791b63044cdee3ab55eb350e6352b751f584`	affected	< 150d06aae1839a6564ab200ef0e7291c3528bbb0
`991cd78f95f2a1d6097669afaff66aeeba35f5fd`	affected	< 52b9f80993698138b90e5ca3a72550a2501f2a96
`3877efc13053408f4cf2e821006d6ddd1929200f`	affected	< 3c3abbcfa05bad17965498ff7cc94c2418fa94b3
`f1bacae8b655163dcbc3c54b9e714ef1a8986d7b`	affected	< 25ff3a3e47ea635ec08dc93e84dd2bfe15abfebb
`f1bacae8b655163dcbc3c54b9e714ef1a8986d7b`	affected	< ac4a29c331ecb5b10240c44247a8e010c95bc15b
`f1bacae8b655163dcbc3c54b9e714ef1a8986d7b`	affected	< 3f3168300efb839028328d720ab3962f91d6a0d0

Linux

affected

Version	Status	Constraints
`6.15`	affected	—
`0`	unaffected	< 6.15
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel update that includes the commits referenced in the advisory, such as the commit 150d06aa, ensuring the bcmgenet driver correctly returns dropped frames to the buffer descriptor pool.
If an immediate kernel upgrade is not possible, disable or replace the bcmgenet network interfaces with a non‑vulnerable driver to prevent the defect from being exercised.
Monitor system and network performance for signs of buffer descriptor exhaustion, such as reduced transmit throughput or increased error logs, and take corrective action before the issue leads to service disruption.

Generated by OpenCVE AI on June 24, 2026 at 20:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/150d06aae1839a6564ab200ef0e7291c3528bbb0
https://git.kernel.org/stable/c/25ff3a3e47ea635ec08dc93e84dd2bfe15abfebb
https://git.kernel.org/stable/c/3c3abbcfa05bad17965498ff7cc94c2418fa94b3
https://git.kernel.org/stable/c/3f3168300efb839028328d720ab3962f91d6a0d0
https://git.kernel.org/stable/c/52b9f80993698138b90e5ca3a72550a2501f2a96
https://git.kernel.org/stable/c/ac4a29c331ecb5b10240c44247a8e010c95bc15b

History

Wed, 24 Jun 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking free_bds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that we are dropping said data.
Title		net: bcmgenet: fix leaking free_bds
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/150d06aae1839a6564ab200ef0e7291c3528bbb0 https://git.kernel.org/stable/c/25ff3a3e47ea635ec08dc93e84dd2bfe15abfebb https://git.kernel.org/stable/c/3c3abbcfa05bad17965498ff7cc94c2418fa94b3 https://git.kernel.org/stable/c/3f3168300efb839028328d720ab3962f91d6a0d0 https://git.kernel.org/stable/c/52b9f80993698138b90e5ca3a72550a2501f2a96 https://git.kernel.org/stable/c/ac4a29c331ecb5b10240c44247a8e010c95bc15b

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:26.881Z

Updated: 2026-06-24T16:30:26.881Z

Reserved: 2026-06-09T07:44:35.384Z

Link: CVE-2026-53087

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T21:00:11Z

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object