CVE-2026-53177
Analyzed Analyzed - Analysis Complete

NULL Pointer Dereference in Broadcom bnxt_en Network Driver

Vulnerability report for CVE-2026-53177, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-06

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .error_detected() callback, bnxt_io_error_detected(), disables and synchronizes IRQs via bnxt_disable_int_sync(), which calls bnxt_cp_num_to_irq_num() to map completion rings to IRQs using bp->bnapi. Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe error recovery on a closed NIC can dereference a NULL pointer. Check if bp->bnapi is NULL before disabling and synchronizing IRQs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-06
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.176 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.143 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.36 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.94 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 4.17 (inc) to 5.15.210 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's bnxt_en driver, where a NULL pointer dereference can occur during PCIe error recovery.

When PCIe errors are detected by a Root Port or Downstream Port, error recovery services run on all subordinate devices regardless of their administrative state.

The error_detected callback function, bnxt_io_error_detected(), disables and synchronizes interrupts by calling bnxt_disable_int_sync(), which maps completion rings to IRQs using a pointer called bp->bnapi.

Since bp->bnapi is allocated when the network interface card (NIC) is opened and freed when it is closed, if PCIe error recovery occurs on a closed NIC, the code may dereference a NULL pointer, leading to a potential crash or instability.

The fix involves checking if bp->bnapi is NULL before disabling and synchronizing IRQs to prevent this NULL pointer dereference.

Mitigation Strategies

The vulnerability is caused by PCIe error recovery running on a closed NIC, leading to a NULL pointer dereference. Immediate mitigation involves ensuring that the Linux kernel is updated to a version where this issue is fixed.

Specifically, the fix checks if the bp->bnapi pointer is NULL before disabling and synchronizing IRQs, preventing the NULL pointer dereference.

Therefore, applying the latest Linux kernel updates that include this fix is the recommended immediate step.

Impact Analysis

This vulnerability can cause a NULL pointer dereference in the Linux kernel's network driver, which may lead to system crashes or instability during PCIe error recovery on network devices.

Such crashes can result in denial of service conditions, potentially disrupting network connectivity and affecting system availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53177. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart