CVE-2026-53177 - Vulnerability Details

- bnxt_en: Fix NULL pointer dereference

Description

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix NULL pointer dereference

PCIe errors detected by a Root Port or Downstream Port cause error
recovery services to run on all subordinate devices regardless of
administrative state.

The .error_detected() callback, bnxt_io_error_detected(), disables
and synchronizes IRQs via bnxt_disable_int_sync(), which calls
bnxt_cp_num_to_irq_num() to map completion rings to IRQs using
bp->bnapi.

Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe
error recovery on a closed NIC can dereference a NULL pointer.

Check if bp->bnapi is NULL before disabling and synchronizing IRQs.

Published: 2026-06-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`e5811b8c09df9bc80eabc95339fceded23f16289`	affected	< 964b1c3eb71afe58bb61c8b984164447e000ae8a
`e5811b8c09df9bc80eabc95339fceded23f16289`	affected	< 59c5a3e69c7630a811565937e64be70b08436761
`e5811b8c09df9bc80eabc95339fceded23f16289`	affected	< 1a418ad0e5e525d1d117dd1601681f75455af320
`e5811b8c09df9bc80eabc95339fceded23f16289`	affected	< 08e57d014ea19f303d5d57a849beb846f37788b7
`e5811b8c09df9bc80eabc95339fceded23f16289`	affected	< 3884976f87448e269908ae61bd5d62d54ce9c0c7
`e5811b8c09df9bc80eabc95339fceded23f16289`	affected	< 580844a9683afe7974856dd5b7886447435b3474
`e5811b8c09df9bc80eabc95339fceded23f16289`	affected	< d930276f2cddd0b7294cac7a8fe7b877f6d9e08d

Linux

affected

Version	Status	Constraints
`4.17`	affected	—
`0`	unaffected	< 4.17
`5.15.210`	unaffected	≤ 5.15.*
`6.1.176`	unaffected	≤ 6.1.*
`6.6.143`	unaffected	≤ 6.6.*
`6.12.94`	unaffected	≤ 6.12.*
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[e5811b8c09df9bc80eabc95339fceded23f16289,964b1c3eb71afe58bb61c8b984164447e000ae8a)`	affected	code_commit	—
`[e5811b8c09df9bc80eabc95339fceded23f16289,59c5a3e69c7630a811565937e64be70b08436761)`	affected	code_commit	—
`[e5811b8c09df9bc80eabc95339fceded23f16289,1a418ad0e5e525d1d117dd1601681f75455af320)`	affected	code_commit	—
`[e5811b8c09df9bc80eabc95339fceded23f16289,08e57d014ea19f303d5d57a849beb846f37788b7)`	affected	code_commit	—
`[e5811b8c09df9bc80eabc95339fceded23f16289,3884976f87448e269908ae61bd5d62d54ce9c0c7)`	affected	code_commit	—
`[e5811b8c09df9bc80eabc95339fceded23f16289,580844a9683afe7974856dd5b7886447435b3474)`	affected	code_commit	—
`[e5811b8c09df9bc80eabc95339fceded23f16289,d930276f2cddd0b7294cac7a8fe7b877f6d9e08d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.17`	affected	generic	—
`[0,4.17)`	unaffected	generic	—
`[5.15.210,5.16.0)`	unaffected	semver	—
`[6.1.176,6.2.0)`	unaffected	semver	—
`[6.6.143,6.7.0)`	unaffected	semver	—
`[6.12.94,6.13.0)`	unaffected	semver	—
`[6.18.36,6.19.0)`	unaffected	semver	—
`[7.0.13,7.1.0)`	unaffected	semver	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00172.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/08e57d014ea19f303d5d57a849beb846f37788b7
https://git.kernel.org/stable/c/1a418ad0e5e525d1d117dd1601681f75455af320
https://git.kernel.org/stable/c/3884976f87448e269908ae61bd5d62d54ce9c0c7
https://git.kernel.org/stable/c/580844a9683afe7974856dd5b7886447435b3474
https://git.kernel.org/stable/c/59c5a3e69c7630a811565937e64be70b08436761
https://git.kernel.org/stable/c/964b1c3eb71afe58bb61c8b984164447e000ae8a
https://git.kernel.org/stable/c/d930276f2cddd0b7294cac7a8fe7b877f6d9e08d
https://lore.kernel.org/linux-cve-announce/2026062554-CVE-2026-53177-f6ba@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53177
https://www.cve.org/CVERecord?id=CVE-2026-53177

History

Tue, 30 Jun 2026 04:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Tue, 30 Jun 2026 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-476

Tue, 30 Jun 2026 00:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026062554-CVE-2026-53177-f6ba@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53177 https://www.cve.org/CVERecord?id=CVE-2026-53177
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Thu, 25 Jun 2026 11:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .error_detected() callback, bnxt_io_error_detected(), disables and synchronizes IRQs via bnxt_disable_int_sync(), which calls bnxt_cp_num_to_irq_num() to map completion rings to IRQs using bp->bnapi. Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe error recovery on a closed NIC can dereference a NULL pointer. Check if bp->bnapi is NULL before disabling and synchronizing IRQs.
Title		bnxt_en: Fix NULL pointer dereference
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/08e57d014ea19f303d5d57a849beb846f37788b7 https://git.kernel.org/stable/c/1a418ad0e5e525d1d117dd1601681f75455af320 https://git.kernel.org/stable/c/3884976f87448e269908ae61bd5d62d54ce9c0c7 https://git.kernel.org/stable/c/580844a9683afe7974856dd5b7886447435b3474 https://git.kernel.org/stable/c/59c5a3e69c7630a811565937e64be70b08436761 https://git.kernel.org/stable/c/964b1c3eb71afe58bb61c8b984164447e000ae8a https://git.kernel.org/stable/c/d930276f2cddd0b7294cac7a8fe7b877f6d9e08d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:38:53.347Z

Updated: 2026-06-25T08:38:53.347Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53177

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Low

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53177 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-30T04:00:08Z

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object