CVE-2026-46287 - Vulnerability Details

- net: txgbe: fix RTNL assertion warning when remove module

Description

In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: fix RTNL assertion warning when remove module

For the copper NIC with external PHY, the driver called
phylink_connect_phy() during probe and phylink_disconnect_phy() during
remove. It caused an RTNL assertion warning in phylink_disconnect_phy()
upon module remove.

To fix this, add rtnl_lock() and rtnl_unlock() around the
phylink_disconnect_phy() in remove function.

------------[ cut here ]------------
RTNL: assertion failed at drivers/net/phy/phylink.c (2351)
WARNING: drivers/net/phy/phylink.c:2351 at
phylink_disconnect_phy+0xd8/0xf0 [phylink], CPU#0: rmmod/4464
Modules linked in: ...
CPU: 0 UID: 0 PID: 4464 Comm: rmmod Kdump: loaded Not tainted 7.0.0-rc4+
Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING
PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024
RIP: 0010:phylink_disconnect_phy+0xe4/0xf0 [phylink]
Code: 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 f6 31 ff e9 3a 38 8f e7
48 8d 3d 48 87 e2 ff ba 2f 09 00 00 48 c7 c6 c1 22 24 c0 <67> 48 0f b9 3a
e9 34 ff ff ff 66 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffce7288363ac0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff89654b2a1a00 RCX: 0000000000000000
RDX: 000000000000092f RSI: ffffffffc02422c1 RDI: ffffffffc0239020
RBP: ffffce7288363ae8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8964c4022000
R13: ffff89654fce3028 R14: ffff89654ebb4000 R15: ffffffffc0226348
FS: 0000795e80d93780(0000) GS:ffff896c52857000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005b528b592000 CR3: 0000000170d0f000 CR4: 0000000000f50ef0
PKRU: 55555554
Call Trace:
<TASK>
txgbe_remove_phy+0xbb/0xd0 [txgbe]
txgbe_remove+0x4c/0xb0 [txgbe]
pci_device_remove+0x41/0xb0
device_remove+0x43/0x80
device_release_driver_internal+0x206/0x270
driver_detach+0x4a/0xa0
bus_remove_driver+0x83/0x120
driver_unregister+0x2f/0x60
pci_unregister_driver+0x40/0x90
txgbe_driver_exit+0x10/0x850 [txgbe]
__do_sys_delete_module.isra.0+0x1c3/0x2f0
__x64_sys_delete_module+0x12/0x20
x64_sys_call+0x20c3/0x2390
do_syscall_64+0x11c/0x1500
? srso_alias_return_thunk+0x5/0xfbef5
? do_syscall_64+0x15a/0x1500
? srso_alias_return_thunk+0x5/0xfbef5
? do_fault+0x312/0x580
? srso_alias_return_thunk+0x5/0xfbef5
? __handle_mm_fault+0x9d5/0x1040
? srso_alias_return_thunk+0x5/0xfbef5
? count_memcg_events+0x101/0x1d0
? srso_alias_return_thunk+0x5/0xfbef5
? handle_mm_fault+0x1e8/0x2f0
? srso_alias_return_thunk+0x5/0xfbef5
? do_user_addr_fault+0x2f8/0x820
? srso_alias_return_thunk+0x5/0xfbef5
? irqentry_exit+0xb2/0x600
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x92/0x1c0
entry_SYSCALL_64_after_hwframe+0x76/0x7e

Published: 2026-06-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel txgbe driver includes a flaw where the phylink_disconnect_phy function is invoked during module removal without first acquiring the RTNL lock, resulting in an RTNL assertion warning in drivers/net/phy/phylink.c. This indicates that kernel synchronization requirements were violated, a weakness identified as CWE-414. The warning appears when attempting to unload the txgbe module on systems running a kernel that has not yet applied the corresponding patch.

Affected Systems

All Linux kernel releases that ship the txgbe driver for copper network interface cards with an external PHY and that have not included the commit replacing phylink_disconnect_phy with a properly locked call are affected. This includes every kernel version that contains the txgbe module before the commit 0305e7... was merged.

Risk and Exploitability

EPSS data is not available and the CVE is not listed in the CISA KEV catalog. The issue only manifests when a privileged user unloads the txgbe module, producing a kernel warning; there is no evidence of a system crash or remote exploitation. Consequently, the risk is low to moderate, confined to local environments where module removal is permitted. Monitoring system logs for the RTNL: assertion failed message can provide early detection.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`02b2a6f91b9042552bc3aa728622bda97e3916fa`	affected	< 0305e7118451c7c363c18f8113b0d8e0077ffa4c
`02b2a6f91b9042552bc3aa728622bda97e3916fa`	affected	< 3e223a7fd41ce6fffdb10577df9350385262bf33
`02b2a6f91b9042552bc3aa728622bda97e3916fa`	affected	< d29cafc7e4ee9e28a150ba17e9a565ec5d881fbc
`02b2a6f91b9042552bc3aa728622bda97e3916fa`	affected	< 6c5ec52c68a6a442c8a159615ae092512562318a
`02b2a6f91b9042552bc3aa728622bda97e3916fa`	affected	< e159f05e12cc1111a3103b99375ddf0dfd0e7d63

Linux

affected

Version	Status	Constraints
`6.6`	affected	—
`0`	unaffected	< 6.6
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[02b2a6f91b9042552bc3aa728622bda97e3916fa,0305e7118451c7c363c18f8113b0d8e0077ffa4c)`	affected	code_commit	—
`[02b2a6f91b9042552bc3aa728622bda97e3916fa,3e223a7fd41ce6fffdb10577df9350385262bf33)`	affected	code_commit	—
`[02b2a6f91b9042552bc3aa728622bda97e3916fa,d29cafc7e4ee9e28a150ba17e9a565ec5d881fbc)`	affected	code_commit	—
`[02b2a6f91b9042552bc3aa728622bda97e3916fa,6c5ec52c68a6a442c8a159615ae092512562318a)`	affected	code_commit	—
`[02b2a6f91b9042552bc3aa728622bda97e3916fa,e159f05e12cc1111a3103b99375ddf0dfd0e7d63)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.6`	affected	generic	—
`[0,6.6)`	unaffected	generic	—
`[6.6.140,6.7.0]`	unaffected	semver	—
`[6.12.88,6.13.0]`	unaffected	semver	—
`[6.18.27,6.19.0]`	unaffected	semver	—
`[7.0.4,7.1.0]`	unaffected	semver	—
`[0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the commit adding rtnl_lock around phylink_disconnect_phy in the txgbe driver.
If a kernel upgrade cannot be performed immediately, avoid unloading the txgbe module; keep the driver loaded or disable its interface with network configuration tools rather than module removal.
Configure log monitoring or alerting to detect RTNL: assertion failed messages, so administrators are notified of potential issues.

Generated by OpenCVE AI on June 9, 2026 at 02:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0305e7118451c7c363c18f8113b0d8e0077ffa4c
https://git.kernel.org/stable/c/3e223a7fd41ce6fffdb10577df9350385262bf33
https://git.kernel.org/stable/c/6c5ec52c68a6a442c8a159615ae092512562318a
https://git.kernel.org/stable/c/d29cafc7e4ee9e28a150ba17e9a565ec5d881fbc
https://git.kernel.org/stable/c/e159f05e12cc1111a3103b99375ddf0dfd0e7d63
https://lore.kernel.org/linux-cve-announce/2026060843-CVE-2026-46287-750d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46287
https://www.cve.org/CVERecord?id=CVE-2026-46287

History

Tue, 09 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-414
References		https://lore.kernel.org/linux-cve-announce/2026060843-CVE-2026-46287-750d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46287 https://www.cve.org/CVERecord?id=CVE-2026-46287

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylink_connect_phy() during probe and phylink_disconnect_phy() during remove. It caused an RTNL assertion warning in phylink_disconnect_phy() upon module remove. To fix this, add rtnl_lock() and rtnl_unlock() around the phylink_disconnect_phy() in remove function. ------------[ cut here ]------------ RTNL: assertion failed at drivers/net/phy/phylink.c (2351) WARNING: drivers/net/phy/phylink.c:2351 at phylink_disconnect_phy+0xd8/0xf0 [phylink], CPU#0: rmmod/4464 Modules linked in: ... CPU: 0 UID: 0 PID: 4464 Comm: rmmod Kdump: loaded Not tainted 7.0.0-rc4+ Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 RIP: 0010:phylink_disconnect_phy+0xe4/0xf0 [phylink] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 f6 31 ff e9 3a 38 8f e7 48 8d 3d 48 87 e2 ff ba 2f 09 00 00 48 c7 c6 c1 22 24 c0 <67> 48 0f b9 3a e9 34 ff ff ff 66 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffce7288363ac0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff89654b2a1a00 RCX: 0000000000000000 RDX: 000000000000092f RSI: ffffffffc02422c1 RDI: ffffffffc0239020 RBP: ffffce7288363ae8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8964c4022000 R13: ffff89654fce3028 R14: ffff89654ebb4000 R15: ffffffffc0226348 FS: 0000795e80d93780(0000) GS:ffff896c52857000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005b528b592000 CR3: 0000000170d0f000 CR4: 0000000000f50ef0 PKRU: 55555554 Call Trace: <TASK> txgbe_remove_phy+0xbb/0xd0 [txgbe] txgbe_remove+0x4c/0xb0 [txgbe] pci_device_remove+0x41/0xb0 device_remove+0x43/0x80 device_release_driver_internal+0x206/0x270 driver_detach+0x4a/0xa0 bus_remove_driver+0x83/0x120 driver_unregister+0x2f/0x60 pci_unregister_driver+0x40/0x90 txgbe_driver_exit+0x10/0x850 [txgbe] __do_sys_delete_module.isra.0+0x1c3/0x2f0 __x64_sys_delete_module+0x12/0x20 x64_sys_call+0x20c3/0x2390 do_syscall_64+0x11c/0x1500 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_syscall_64+0x15a/0x1500 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_fault+0x312/0x580 ? srso_alias_return_thunk+0x5/0xfbef5 ? __handle_mm_fault+0x9d5/0x1040 ? srso_alias_return_thunk+0x5/0xfbef5 ? count_memcg_events+0x101/0x1d0 ? srso_alias_return_thunk+0x5/0xfbef5 ? handle_mm_fault+0x1e8/0x2f0 ? srso_alias_return_thunk+0x5/0xfbef5 ? do_user_addr_fault+0x2f8/0x820 ? srso_alias_return_thunk+0x5/0xfbef5 ? irqentry_exit+0xb2/0x600 ? srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
Title		net: txgbe: fix RTNL assertion warning when remove module
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0305e7118451c7c363c18f8113b0d8e0077ffa4c https://git.kernel.org/stable/c/3e223a7fd41ce6fffdb10577df9350385262bf33 https://git.kernel.org/stable/c/6c5ec52c68a6a442c8a159615ae092512562318a https://git.kernel.org/stable/c/d29cafc7e4ee9e28a150ba17e9a565ec5d881fbc https://git.kernel.org/stable/c/e159f05e12cc1111a3103b99375ddf0dfd0e7d63

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-08T15:41:30.791Z

Updated: 2026-06-08T15:41:30.791Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46287

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-08T17:16:46.770

Modified: 2026-06-08T17:16:46.770

Link: CVE-2026-46287

Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46287 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T02:30:26Z

Weaknesses

CWE-414
Missing Lock Check

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object