net: bcmgenet: fix racing timeout handler

Summary

CVECVE-2026-53086
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-06-24 17:17:22 UTC
Updated2026-06-28 08:16:33 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenet_timeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along. Instead lets only restart the timed out queue.

Risk And Classification

Primary CVSS: v3.1 9.8 CRITICAL from 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.003860000 probability, percentile 0.304110000 (date 2026-06-30)


VersionSourceTypeScoreSeverityVector
3.1416baaa9-dc9f-4396-8d5f-8c081fb06d67Secondary9.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1CNADECLARED9.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v3.1 Breakdown

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 13ea657806cf73b379a0109f7042182f47c351a7 e85b0c0a12e967930044608311471b665baa315c git Not specified
CNA Linux Linux affected 13ea657806cf73b379a0109f7042182f47c351a7 e8206538cbaf4f4068e99a4cb1138690a1e00499 git Not specified
CNA Linux Linux affected 13ea657806cf73b379a0109f7042182f47c351a7 681fdfe823b4f1036ed50b58b8838c7917ea389c git Not specified
CNA Linux Linux affected 13ea657806cf73b379a0109f7042182f47c351a7 c270e2bec3e55a716d25c35341091339457ac883 git Not specified
CNA Linux Linux affected 13ea657806cf73b379a0109f7042182f47c351a7 7ce1c26aac3b318886a57425f64b522da7389153 git Not specified
CNA Linux Linux affected 13ea657806cf73b379a0109f7042182f47c351a7 5393b2b5bee2ac51a0043dc7f4ac3475f053d08d git Not specified
CNA Linux Linux affected 4.2 Not specified
CNA Linux Linux unaffected 4.2 semver Not specified
CNA Linux Linux unaffected 6.1.175 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.141 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.91 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.33 6.18.* semver Not specified
CNA Linux Linux unaffected 7.0.10 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/681fdfe823b4f1036ed50b58b8838c7917ea389c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/e85b0c0a12e967930044608311471b665baa315c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/7ce1c26aac3b318886a57425f64b522da7389153 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/c270e2bec3e55a716d25c35341091339457ac883 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/5393b2b5bee2ac51a0043dc7f4ac3475f053d08d 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/e8206538cbaf4f4068e99a4cb1138690a1e00499 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report