CVE-2026-53177
Received Received - Intake
NULL Pointer Dereference in Broadcom bnxt_en Network Driver

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .error_detected() callback, bnxt_io_error_detected(), disables and synchronizes IRQs via bnxt_disable_int_sync(), which calls bnxt_cp_num_to_irq_num() to map completion rings to IRQs using bp->bnapi. Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe error recovery on a closed NIC can dereference a NULL pointer. Check if bp->bnapi is NULL before disabling and synchronizing IRQs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53177
EUVD
EUVD-2026-39268
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's bnxt_en driver, where a NULL pointer dereference can occur during PCIe error recovery.

When PCIe errors are detected by a Root Port or Downstream Port, error recovery services run on all subordinate devices regardless of their administrative state.

The error_detected callback function, bnxt_io_error_detected(), disables and synchronizes interrupts by calling bnxt_disable_int_sync(), which maps completion rings to IRQs using a pointer called bp->bnapi.

Since bp->bnapi is allocated when the network interface card (NIC) is opened and freed when it is closed, if PCIe error recovery occurs on a closed NIC, the code may dereference a NULL pointer, leading to a potential crash or instability.

The fix involves checking if bp->bnapi is NULL before disabling and synchronizing IRQs to prevent this NULL pointer dereference.

Impact Analysis

This vulnerability can cause a NULL pointer dereference in the Linux kernel's network driver, which may lead to system crashes or instability during PCIe error recovery on network devices.

Such crashes can result in denial of service conditions, potentially disrupting network connectivity and affecting system availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53177. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart