CVE-2026-53088

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix off-by-one in bcmgenet_put_txcb

The write_ptr points to the next open tx_cb. We want to return the tx_cb that gets rewinded, so we must rewind the pointer first then return the tx_cb that it points to. That way the txcb can be correctly cleaned up.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < 14e9f86564fff7bcf7f45c1b69080e837b31d185affected
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < fb9a3c1f547d0ff024dbfe7b6f327626ddf0a3deaffected
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < 85f34ec320d3881badfd4edc5fee5cd5012bb54daffected
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < 2a74590170427a3ca7cc4bb8690cdd559129c29caffected
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < 29394f722f620281f2ee9a47f947734e53d72c90affected
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < 4cab761fc51c65aef741fcece4a18f3554edbc09affected
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < 72df896e31ddd06fcc5a789f025ad7a62a18bc9baffected
LinuxLinux876dbadd53a7102e2a84afc84ea2bd3ee6dc5636 < 57f3f53d2c9c5a9e133596e2f7bc1c50688a6d38affected
LinuxLinux3bdf77194ea822390b405639b77659071fd2c2e9affected
LinuxLinux3.16.50 < 3.17affected
LinuxLinux4.13affected
LinuxLinux0 < 4.13unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.141 <= 6.6.*unaffected
LinuxLinux6.12.91 <= 6.12.*unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References