CVE-2026-53087
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
In the Linux kernel, the bcmgenet driver has a vulnerability where free buffer descriptors (free_bds) leak during TX queue reclaim. Fast-forwarding the write pointer skips returning dropped frames to the free pool, leading to resource exhaustion.
Risk Assessment
The organization risks gradual depletion of buffer descriptor pools, potentially causing network transmission stalls and failure of services relying on the bcmgenet interface.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit addressing the issue) and apply relevant security patches from your distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking free_bds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that we are dropping said data.

