{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53088","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.384Z","datePublished":"2026-06-24T16:30:27.655Z","dateUpdated":"2026-06-28T06:39:11.191Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-28T06:39:11.191Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmgenet: fix off-by-one in bcmgenet_put_txcb\n\nThe write_ptr points to the next open tx_cb. We want to return the\ntx_cb that gets rewinded, so we must rewind the pointer first then\nreturn the tx_cb that it points to. That way the txcb can be correctly\ncleaned up."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"versions":[{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"14e9f86564fff7bcf7f45c1b69080e837b31d185","status":"affected","versionType":"git"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"fb9a3c1f547d0ff024dbfe7b6f327626ddf0a3de","status":"affected","versionType":"git"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"85f34ec320d3881badfd4edc5fee5cd5012bb54d","status":"affected","versionType":"git"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"2a74590170427a3ca7cc4bb8690cdd559129c29c","status":"affected","versionType":"git"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"29394f722f620281f2ee9a47f947734e53d72c90","status":"affected","versionType":"git"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"4cab761fc51c65aef741fcece4a18f3554edbc09","status":"affected","versionType":"git"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"72df896e31ddd06fcc5a789f025ad7a62a18bc9b","status":"affected","versionType":"git"},{"version":"876dbadd53a7102e2a84afc84ea2bd3ee6dc5636","lessThan":"57f3f53d2c9c5a9e133596e2f7bc1c50688a6d38","status":"affected","versionType":"git"},{"version":"3bdf77194ea822390b405639b77659071fd2c2e9","status":"affected","versionType":"git"},{"version":"3.16.50","lessThan":"3.17","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/broadcom/genet/bcmgenet.c"],"versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","status":"unaffected","versionType":"semver"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.10.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.1.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.6.141"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.12.91"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.18.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"7.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.50"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/14e9f86564fff7bcf7f45c1b69080e837b31d185"},{"url":"https://git.kernel.org/stable/c/fb9a3c1f547d0ff024dbfe7b6f327626ddf0a3de"},{"url":"https://git.kernel.org/stable/c/85f34ec320d3881badfd4edc5fee5cd5012bb54d"},{"url":"https://git.kernel.org/stable/c/2a74590170427a3ca7cc4bb8690cdd559129c29c"},{"url":"https://git.kernel.org/stable/c/29394f722f620281f2ee9a47f947734e53d72c90"},{"url":"https://git.kernel.org/stable/c/4cab761fc51c65aef741fcece4a18f3554edbc09"},{"url":"https://git.kernel.org/stable/c/72df896e31ddd06fcc5a789f025ad7a62a18bc9b"},{"url":"https://git.kernel.org/stable/c/57f3f53d2c9c5a9e133596e2f7bc1c50688a6d38"}],"title":"net: bcmgenet: fix off-by-one in bcmgenet_put_txcb","x_generator":{"engine":"bippy-1.2.0"}}}}