SB2026040650 - Out-of-bounds write in Linux kernel broadcom bnxt driver

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026040650

SB2026040650 - Out-of-bounds write in Linux kernel broadcom bnxt driver

Published: April 6, 2026

Security Bulletin ID SB2026040650
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-31395)

The vulnerability allows a local attacker to cause a denial of service or corrupt kernel memory.

The vulnerability exists due to an out-of-bounds write in bnxt_async_event_process() when processing the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER async event. A local attacker can use a malicious or compromised NIC that supplies a crafted type value to trigger an out-of-bounds access and corrupt kernel memory or cause a crash.

The issue occurs because a firmware-supplied 16-bit type field from DMA-mapped completion ring memory is used directly as an index into bp->bs_trace[] without bounds validation.


Remediation

Install update from vendor's website.

References