Skip to main content

Linux Kernel CVE-2026-53088

| EUVDEUVD-2026-38956 CRITICAL
2026-06-24 Linux GHSA-mqvv-mhq8-mx45
9.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
5.3 MEDIUM

TX cleanup bug is triggered locally on GENET hardware via timing-sensitive ring exhaustion (AV:L/AC:H/PR:L); impact is mainly crash (A:H) with possible stale-data leak (C:L), not RCE.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:08 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
9.8 (CRITICAL)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:30 cve.org
CRITICAL 9.8
CVE Published
Jun 24, 2026 - 16:30 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix off-by-one in bcmgenet_put_txcb

The write_ptr points to the next open tx_cb. We want to return the tx_cb that gets rewinded, so we must rewind the pointer first then return the tx_cb that it points to. That way the txcb can be correctly cleaned up.

AnalysisAI

Memory mishandling in the Linux kernel's Broadcom GENET (bcmgenet) Ethernet driver stems from an off-by-one error in bcmgenet_put_txcb(), where the function returned the wrong transmit control block (tx_cb) because the write pointer was rewound after reading instead of before, causing incorrect cleanup of TX descriptors. The flaw affects systems using Broadcom GENET network controllers (notably Raspberry Pi 4/5 and various Broadcom SoCs) running affected kernels prior to the stable fixes. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Run code on GENET-equipped host
Delivery
Drive heavy TX traffic on interface
Exploit
Trigger off-by-one in bcmgenet_put_txcb
Execution
Mismanage tx_cb cleanup
Persist
Corrupt TX-ring state or leak stale data
Impact
Kernel/driver crash or info disclosure

Vulnerability AssessmentAI

Exploitation Exploitation requires the host to actually use the Broadcom GENET Ethernet controller (bcmgenet driver) - i.e., specific Broadcom SoC hardware such as Raspberry Pi 4/5 or comparable BCM platforms; systems without this NIC are not affected regardless of kernel version. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict and should be reconciled before prioritization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user or a workload on a Broadcom GENET-equipped host (such as a Raspberry Pi) drives heavy or crafted transmit traffic through the onboard Ethernet interface, exercising the TX cleanup path so that bcmgenet_put_txcb() mismanages a transmit control block. The resulting state corruption can crash the driver/kernel (denial of service) or surface stale descriptor data. …
Remediation Vendor-released patch: update to a fixed stable kernel - 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, or mainline 7.1 (or later on your branch), pulling the corresponding distribution kernel update once your vendor ships it. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit inventory for Broadcom GENET devices (Raspberry Pi 4/5, Broadcom SoC platforms). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53088 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy