Description
In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix NULL pointer dereference

PCIe errors detected by a Root Port or Downstream Port cause error
recovery services to run on all subordinate devices regardless of
administrative state.

The .error_detected() callback, bnxt_io_error_detected(), disables
and synchronizes IRQs via bnxt_disable_int_sync(), which calls
bnxt_cp_num_to_irq_num() to map completion rings to IRQs using
bp->bnapi.

Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe
error recovery on a closed NIC can dereference a NULL pointer.

Check if bp->bnapi is NULL before disabling and synchronizing IRQs.
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL pointer dereference occurs in the Linux kernel bnxt_en driver when PCIe error recovery runs on a device that has already been closed. The routine bnxt_io_error_detected() attempts to disable and synchronize interrupts through a mapping function that assumes a valid bp->bnapi pointer, which is NULL on a closed NIC. The dereference leads to a kernel crash, disrupting system stability and availability.

Affected Systems

All Linux kernel installations that include the bnxt_en network driver are potentially affected; version details are not specified in the advisory, but the issue exists in pre‑patch kernel releases. Users should verify whether their kernel contains the commit that applies the NULL‑check guard.

Risk and Exploitability

The advisory does not list a CVSS score or EPSS value, and the vulnerability is not in the CISA KEV catalog. Because the flaw is triggered during internal PCIe error handling, it is likely exploitable only by a privileged user or through a local attack vector that can induce PCIe errors on a closed Network Interface Card. The main risk is a local denial of service through a forced kernel crash, with no evidence of remote code execution or privilege escalation in the provided description.

Generated by OpenCVE AI on June 25, 2026 at 11:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the commit implementing the NULL check in bnxt_io_error_detected()
  • If an immediate kernel upgrade is not possible, unload or disable the bnxt_en driver with modprobe -r or by blacklisting it until a patched kernel is available
  • As a temporary workaround, monitor system logs for PCIe error events and avoid triggering error recovery on closed NICs by ensuring NICs are properly closed before power-down sequences

Generated by OpenCVE AI on June 25, 2026 at 11:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .error_detected() callback, bnxt_io_error_detected(), disables and synchronizes IRQs via bnxt_disable_int_sync(), which calls bnxt_cp_num_to_irq_num() to map completion rings to IRQs using bp->bnapi. Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe error recovery on a closed NIC can dereference a NULL pointer. Check if bp->bnapi is NULL before disabling and synchronizing IRQs.
Title bnxt_en: Fix NULL pointer dereference
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:38:53.347Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53177

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T11:15:10Z

Weaknesses