CVE Catalog

CVE-2026-53177

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

In the Linux kernel, the bnxt_en driver has a NULL pointer dereference vulnerability. It occurs when PCIe error recovery runs on a closed network interface, and bnxt_io_error_detected() accesses the uninitialized bp->bnapi structure.

Risk Assessment

An attacker exploiting a PCIe error could cause a kernel panic on servers with Broadcom NetXtreme adapters, leading to network service disruption.

Recommendation

Immediately update the Linux kernel to a version containing the fix that adds a NULL check for bp->bnapi before calling bnxt_disable_int_sync().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .error_detected() callback, bnxt_io_error_detected(), disables and synchronizes IRQs via bnxt_disable_int_sync(), which calls bnxt_cp_num_to_irq_num() to map completion rings to IRQs using bp->bnapi. Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe error recovery on a closed NIC can dereference a NULL pointer. Check if bp->bnapi is NULL before disabling and synchronizing IRQs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS