In the Linux kernel, the following vulnerability has been resolved:
net: bcmgenet: fix off-by-one in bcmgenetputtxcb
The writeptr points to the next open txcb. We want to return the txcb that gets rewinded, so we must rewind the pointer first then return the txcb that it points to. That way the txcb can be correctly cleaned up.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53088.json",
"cna_assigner": "Linux"
}