CVE-2026-53088

Description

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix off-by-one in bcmgenet_put_txcb The write_ptr points to the next open tx_cb. We want to return the tx_cb that gets rewinded, so we must rewind the pointer first then return the tx_cb that it points to. That way the txcb can be correctly cleaned up.

References

• https://git.kernel.org/stable/c/14e9f86564fff7bcf7f45c1b69080e837b31d185
• https://git.kernel.org/stable/c/29394f722f620281f2ee9a47f947734e53d72c90
• https://git.kernel.org/stable/c/2a74590170427a3ca7cc4bb8690cdd559129c29c
• https://git.kernel.org/stable/c/4cab761fc51c65aef741fcece4a18f3554edbc09
• https://git.kernel.org/stable/c/57f3f53d2c9c5a9e133596e2f7bc1c50688a6d38