Skip to main content

Linux Kernel EUVDEUVD-2026-38955

| CVE-2026-53087 HIGH
2026-06-24 Linux GHSA-jgp5-77cc-cfg7
7.5
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

Leak triggers via the local TX reclaim path under specific queue/link conditions (AV:L, AC:H, PR:L); cumulative BD exhaustion eventually halts interface transmission (A:H); no confidentiality/integrity impact.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:07 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.5 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:30 cve.org
HIGH 7.5
CVE Published
Jun 24, 2026 - 16:30 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix leaking free_bds

While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that we are dropping said data.

AnalysisAI

Denial-of-service via resource leak in the Linux kernel's Broadcom GENET (bcmgenet) Ethernet driver allows the transmit buffer-descriptor (BD) pool to be slowly exhausted. When the driver reclaims a TX queue and fast-forwards the write pointer to drop in-flight frames, those dropped frames' buffer descriptors are never returned to the free_bds pool and the netdev is not told the frames were dropped, gradually starving the TX ring until the interface can no longer transmit. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach GENET-backed interface
Delivery
Induce repeated TX reclaim/drops
Exploit
Buffer descriptors leak from free_bds
Execution
Pool exhausts over time
Impact
Interface TX halts (DoS)

Vulnerability AssessmentAI

Exploitation Requires the target to be running the Linux bcmgenet driver on Broadcom GENET Ethernet hardware (e.g., Raspberry Pi 4/5, Broadcom SoCs) - non-GENET NICs are unaffected. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker (or adverse network conditions) repeatedly induces TX queue reclaim with frames in flight - for example by driving link flaps or congestion that trigger TX drops on a Broadcom GENET interface (e.g., a Raspberry Pi acting as a gateway). Each reclaim leaks buffer descriptors, and over many cycles the free_bds pool is exhausted until the interface stops transmitting, denying network service. …
Remediation Vendor-released patch: update to a fixed stable kernel - 6.18.33, 7.0.10, or 7.1 (or apply the relevant backport for your branch), pulling the bcmgenet fix from the kernel stable tree commits listed at https://git.kernel.org/stable/c/150d06aae1839a6564ab200ef0e7291c3528bbb0 and its siblings; on distribution kernels, install the vendor's updated kernel package. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all systems using Broadcom GENET Ethernet hardware. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38955 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy