CVE-2026-53177
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
In the Linux kernel, the bnxt_en driver has a NULL pointer dereference vulnerability. It occurs when PCIe error recovery runs on a closed network interface, and bnxt_io_error_detected() accesses the uninitialized bp->bnapi structure.
Risk Assessment
An attacker exploiting a PCIe error could cause a kernel panic on servers with Broadcom NetXtreme adapters, leading to network service disruption.
Recommendation
Immediately update the Linux kernel to a version containing the fix that adds a NULL check for bp->bnapi before calling bnxt_disable_int_sync().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .error_detected() callback, bnxt_io_error_detected(), disables and synchronizes IRQs via bnxt_disable_int_sync(), which calls bnxt_cp_num_to_irq_num() to map completion rings to IRQs using bp->bnapi. Since bp->bnapi is allocated on NIC open and freed on NIC close, PCIe error recovery on a closed NIC can dereference a NULL pointer. Check if bp->bnapi is NULL before disabling and synchronizing IRQs.

