CVE-2026-53093 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Fix error pointer dereference

The function brcmf_chip_add_core() can return an error pointer and is
not checked. Add checks for error pointer.

Detected by Smatch:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1010 brcmf_chip_recognition() error:
'core' dereferencing possible ERR_PTR()

drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1013 brcmf_chip_recognition() error:
'core' dereferencing possible ERR_PTR()

drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1016 brcmf_chip_recognition() error:
'core' dereferencing possible ERR_PTR()

drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1019 brcmf_chip_recognition() error:
'core' dereferencing possible ERR_PTR()

drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1022 brcmf_chip_recognition() error:
'core' dereferencing possible ERR_PTR()

[add missing wifi: prefix]

Published: 2026-06-24

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from the brcmfmac wireless driver’s function brcmf_chip_add_core() returning an error pointer without proper checking. The unchecked error pointer can be dereferenced, causing a kernel crash and a denial of service. While the description does not state that arbitrary code execution is possible, a kernel panic could allow a local attacker to interrupt services or execute privileged code after reboot.

Affected Systems

Affected systems are Linux kernels that include the Broadcom brcmfmac driver, such as the default distributions that ship with the driver. Version information for the affected kernels is not specified in the CVE data, so any kernel that contains the legacy brcmfmac code without the applied fix is potentially impacted.

Risk and Exploitability

The CVS score is not provided, and the EPSS score is unavailable, but the lack of a severity rating does not negate the risk of a kernel crash. The vulnerability appears to be exploitable by an attacker who can trigger the wireless driver—likely through crafted packets or by manipulating the Wi-Fi hardware interface. The impact is limited to local or remote attackers who can interact with the wireless device; no remote code execution is documented. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. However, the failure to handle error pointers is a high‑consequence bug typical of a low‑impact CVE score of 5–7, but the actual severity depends on the environment and the attacker's ability to interact with the driver.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< a3b45090a91e2f0b9715870d8f8d9ca2fdfbc1af
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< 99ef547659178eef6d6ba4738a9d989ce90cf909
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< bd6c906e0c4af6d5d0c49c3c4ee090b4913da17d
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< d3f280be48f1c672cb10e8026c236d0cca60048a
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< 2e0e5a43ed126f896a4ad31ade66c90270601bae
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< cbea71b4480394708f9a6e007a0385acfe5e1ec8
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< 334c68750eee84c2327db1d152be83ff5ad8e20b
`cb7cf7be9eba76f3cd6258906074c72084570c84`	affected	< dd8592fc6007a451c3e4b9025de365e39de8178a

Linux

affected

Version	Status	Constraints
`3.15`	affected	—
`0`	unaffected	< 3.15
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that incorporates the brcmfmac error pointer dereference fix.
If an immediate kernel upgrade is not feasible, disable the Broadcom wireless interface or disable wireless networking entirely until the patch is applied.
For environments that cannot suspend wireless connectivity, monitor kernel logs for brcmfmac-related errors and apply manual recovery procedures or temporary driver workarounds such as recompiling the driver with defensive checks if possible.

Generated by OpenCVE AI on June 24, 2026 at 20:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2e0e5a43ed126f896a4ad31ade66c90270601bae
https://git.kernel.org/stable/c/334c68750eee84c2327db1d152be83ff5ad8e20b
https://git.kernel.org/stable/c/99ef547659178eef6d6ba4738a9d989ce90cf909
https://git.kernel.org/stable/c/a3b45090a91e2f0b9715870d8f8d9ca2fdfbc1af
https://git.kernel.org/stable/c/bd6c906e0c4af6d5d0c49c3c4ee090b4913da17d
https://git.kernel.org/stable/c/cbea71b4480394708f9a6e007a0385acfe5e1ec8
https://git.kernel.org/stable/c/d3f280be48f1c672cb10e8026c236d0cca60048a
https://git.kernel.org/stable/c/dd8592fc6007a451c3e4b9025de365e39de8178a

History

Wed, 24 Jun 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix error pointer dereference The function brcmf_chip_add_core() can return an error pointer and is not checked. Add checks for error pointer. Detected by Smatch: drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1010 brcmf_chip_recognition() error: 'core' dereferencing possible ERR_PTR() drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1013 brcmf_chip_recognition() error: 'core' dereferencing possible ERR_PTR() drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1016 brcmf_chip_recognition() error: 'core' dereferencing possible ERR_PTR() drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1019 brcmf_chip_recognition() error: 'core' dereferencing possible ERR_PTR() drivers/net/wireless/broadcom/brcm80211/brcmfmac/chip.c:1022 brcmf_chip_recognition() error: 'core' dereferencing possible ERR_PTR() [add missing wifi: prefix]
Title		wifi: brcmfmac: Fix error pointer dereference
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2e0e5a43ed126f896a4ad31ade66c90270601bae https://git.kernel.org/stable/c/334c68750eee84c2327db1d152be83ff5ad8e20b https://git.kernel.org/stable/c/99ef547659178eef6d6ba4738a9d989ce90cf909 https://git.kernel.org/stable/c/a3b45090a91e2f0b9715870d8f8d9ca2fdfbc1af https://git.kernel.org/stable/c/bd6c906e0c4af6d5d0c49c3c4ee090b4913da17d https://git.kernel.org/stable/c/cbea71b4480394708f9a6e007a0385acfe5e1ec8 https://git.kernel.org/stable/c/d3f280be48f1c672cb10e8026c236d0cca60048a https://git.kernel.org/stable/c/dd8592fc6007a451c3e4b9025de365e39de8178a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:32.053Z

Updated: 2026-06-24T16:30:32.053Z

Reserved: 2026-06-09T07:44:35.384Z

Link: CVE-2026-53093

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T20:15:07Z

Weaknesses

CWE-476
NULL Pointer Dereference

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object