CVE Catalog

CVE-2026-53087

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

29th percentile — higher than 29% of all known CVEs

Summary

In the Linux kernel, the bcmgenet driver has a vulnerability where free buffer descriptors (free_bds) leak during TX queue reclaim. Fast-forwarding the write pointer skips returning dropped frames to the free pool, leading to resource exhaustion.

Risk Assessment

The organization risks gradual depletion of buffer descriptor pools, potentially causing network transmission stalls and failure of services relying on the bcmgenet interface.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit addressing the issue) and apply relevant security patches from your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking free_bds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that we are dropping said data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS