Impact
The Linux kernel’s bcmgenet network driver contains an off-by-one error in the routine that handles transmit control blocks. The code mistakenly rewinds the write pointer too late, so the driver returns an incorrect tx_cb for cleanup. This bug can lead to incorrect resource handling and, in some circumstances, undefined behavior that could destabilize the system. The flaw is represented by CWE-193.
Affected Systems
All Linux kernel installations that compile the bcmgenet driver are potentially affected. No specific kernel version range is listed, so any unpatched build that includes the driver may be vulnerable.
Risk and Exploitability
The CVSS score of 9.8 indicates a high severity, while the EPSS score of less than 1% reflects a low probability of exploitation in the wild. The vulnerability is not included in the CISA KEV catalog. Exploitation would require crafted network traffic that exercises the faulty tx_cb logic on a system with a bcmgenet interface, and the potential impact includes system instability or denial of service.
OpenCVE Enrichment
Debian DLA