CVE-2026-53086: net: bcmgenet: fix racing timeout handler
In the Linux kernel, the following vulnerability has been resolved:

net: bcmgenet: fix racing timeout handler

The bcmgenet_timeout handler tries to take down all tx queues when a single queue times out. This is overzealous and causes many race conditions with queues that are still chugging along. Instead let's only restart the timed out queue.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: 0
- Affected Products: 2
HarborGuard Analysis
Synopsis
A race condition vulnerability exists in the Linux kernel's bcmgenet network driver, reachable over the network without any authentication. The flaw is triggered when a transmit queue timeout fires and the handler incorrectly shuts down all TX queues rather than only the timed-out one, creating race conditions with active queues. Successful exploitation gives an attacker full read, write, and availability impact on the affected system. Patched-image rebuilds at the fix versions (6.1.175, 6.6.141, and 6.12.91) are available on HarborGuard for environments running affected kernel versions.
HarborGuard Coverage
Detection of CVE-2026-53086 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle affected Linux kernel versions. Any image in a connected registry or CI pipeline running a vulnerable kernel release is flagged automatically.
Available
HarborGuard is capable of scoring this CVE at its published CVSS v3.1 rating of 9.8 (Critical) and weighting that score against each environment's compliance policy to determine urgency. Triage results are routed to the appropriate team inbox within each customer organization based on configured ownership rules.
Available
A patched-image rebuild targeting the fixed kernel versions (6.1.175, 6.6.141, or 6.12.91) becomes available on HarborGuard once the upstream fix is confirmed against a customer's base image. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled.
Available
Exploit Conditions
- Network reachability: Required
  The vulnerable code path is exposed over the network, meaning an attacker must be able to reach the affected host's network interface to trigger the race condition.
- Authentication: Not required
  No credentials or account privileges are needed; the vulnerability can be triggered by an unauthenticated network peer.
- Victim interaction: Not required
  No user or administrator action is required to complete exploitation; the attacker does not need to social-engineer anyone.
- Attack complexity: Detail
  Attack complexity is rated Low, meaning the exploit is reliable and does not depend on race-window timing from the attacker's side, environmental layout, or other preconditions outside the attacker's control.
Blast Radius
- A successful attacker reads kernel memory contents, which may include session tokens, cryptographic keys, or other sensitive data held in the affected system.
- The attacker can write to kernel memory structures, modifying persisted state or injecting malicious data into active network flows.
- The racing timeout handler can crash or hang the bcmgenet network driver, taking down network connectivity for the affected host.
- A kernel crash or corrupted driver state may require a full host reboot, disrupting all services running on that node.
How HarborGuard Handles This
Available on HarborGuard: detection of CVE-2026-53086 is active for any image containing an affected Linux kernel version, with results surfaced within minutes of scan completion. For environments running an affected kernel (any version prior to 6.1.175, 6.6.141, or 6.12.91), a rebuilt base image at the appropriate fixed version is available. Where compliance policy permits auto-remediation, HarborGuard will rebuild the image, execute regression tests, and open a pull request against affected workloads; at Critical severity, the median time from CVE publication to merged patch PR is approximately 90 minutes. For environments where auto-remediation is not enabled, the scan report identifies each affected image by layer and kernel version, giving engineering teams the precise scope needed to prioritize manual upgrades. Network-policy controls that restrict unsolicited inbound traffic to affected hosts serve as a compensating control while a kernel upgrade is planned.
Fix available
- Linux / Linux: < e85b0c0a12e967930044608311471b665baa315c (from 13ea657806cf73b379a0109f7042182f47c351a7) · < e8206538cbaf4f4068e99a4cb1138690a1e00499 (from 13ea657806cf73b379a0109f7042182f47c351a7) · < 681fdfe823b4f1036ed50b58b8838c7917ea389c (from 13ea657806cf73b379a0109f7042182f47c351a7) · < c270e2bec3e55a716d25c35341091339457ac883 (from 13ea657806cf73b379a0109f7042182f47c351a7) · < 7ce1c26aac3b318886a57425f64b522da7389153 (from 13ea657806cf73b379a0109f7042182f47c351a7) · < 5393b2b5bee2ac51a0043dc7f4ac3475f053d08d (from 13ea657806cf73b379a0109f7042182f47c351a7)
- Linux / Linux: 4.2 · Fixed in 0, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1
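Added example (not HarborGuard's or the kernel project's code): a per-branch check of a `uname -r` style release string against the affected and fixed versions listed on this page. The function names and result labels are assumptions of this example, and a vendor kernel that backports the fix without bumping the upstream version number will be reported as affected.

```python
import re

# Version data copied from this page: affected from 4.2, fixed per stable branch.
AFFECTED_FROM = (4, 2)
FIXED_PATCH = {(6, 1): 175, (6, 6): 141, (6, 12): 91, (6, 18): 33, (7, 0): 10}
FIRST_FIXED_MAINLINE = (7, 1)


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Return one of the labels below (labels are this example's own):
    not-affected, affected, fixed, affected-no-listed-fix, unknown."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < AFFECTED_FROM:
        return "not-affected"          # older than the first affected version
    if branch == FIRST_FIXED_MAINLINE and re.search(r"-rc\d+", release):
        return "unknown"               # a release candidate may predate the fix
    if branch >= FIRST_FIXED_MAINLINE:
        return "fixed"
    if branch in FIXED_PATCH:
        # Compare only within the same stable branch: 6.1.180 is fixed even
        # though its patch number is unrelated to the 6.6.141 threshold.
        return "fixed" if patch >= FIXED_PATCH[branch] else "affected"
    return "affected-no-listed-fix"    # in range, but no fix listed for branch


if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real host.
    for rel in ["6.6.140-v8+", "6.1.175-1-amd64", "5.15.0-91-generic",
                "7.1.0-rc2", "4.1.52"]:
        print(f"{rel:22} {classify(rel)}")
```

A version match says nothing about whether the driver is built in: the result only matters for kernels with `CONFIG_BCMGENET` enabled on hardware that uses it.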
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H