Description
In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix off-by-one in bcmgenet_put_txcb

The write_ptr points to the next open tx_cb. We want to return the
tx_cb that gets rewinded, so we must rewind the pointer first then
return the tx_cb that it points to. That way the txcb can be correctly
cleaned up.
Published: 2026-06-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s bcmgenet network driver contains an off-by-one error in the routine that handles transmit control blocks. The code mistakenly rewinds the write pointer too late, so the driver returns an incorrect tx_cb for cleanup. This bug can lead to incorrect resource handling and, in some circumstances, undefined behavior that could destabilize the system. The flaw is represented by CWE-193.

Affected Systems

All Linux kernel installations that compile the bcmgenet driver are potentially affected. No specific kernel version range is listed, so any unpatched build that includes the driver may be vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates a high severity, while the EPSS score of less than 1% reflects a low probability of exploitation in the wild. The vulnerability is not included in the CISA KEV catalog. Exploitation would require crafted network traffic that exercises the faulty tx_cb logic on a system with a bcmgenet interface, and the potential impact includes system instability or denial of service.

Generated by OpenCVE AI on June 28, 2026 at 14:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the fixed bcmgenet_put_txcb implementation.
  • If a kernel upgrade cannot be performed immediately, restrict or filter traffic on bcmgenet interfaces so that malformed frames cannot reach the driver, for example by using firewall rules.
  • Monitor kernel logs for panics, memory corruption events, or abnormal networking behavior that may indicate an attempt to exploit the flaw.

Generated by OpenCVE AI on June 28, 2026 at 14:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sun, 28 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-193
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix off-by-one in bcmgenet_put_txcb The write_ptr points to the next open tx_cb. We want to return the tx_cb that gets rewinded, so we must rewind the pointer first then return the tx_cb that it points to. That way the txcb can be correctly cleaned up.
Title net: bcmgenet: fix off-by-one in bcmgenet_put_txcb
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:39:11.191Z

Reserved: 2026-06-09T07:44:35.384Z

Link: CVE-2026-53088

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53088 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T15:00:12Z

Weaknesses