Description
In the Linux kernel, the following vulnerability has been resolved:

net: phy: don't try to setup PHY-driven SFP cages when using genphy

We don't have support for PHY-driver SFP cages with the genphy code.

On top of that, it was found by sashiko that running
sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY
probing runs under RTNL, which isn't the case for non-genphy drivers.

This problem was reproduced, and does lead to a deadlock on RTNL.

Before the blamed commit, the phy_sfp_probe() call was made by
individual PHY drivers, so there was no way to get to the SFP probing
path when using genphy.

Let's therefore only run phy_sfp_probe when not using genphy.
Published: 2026-06-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Linux kernel networking driver, where the PHY‑centric SFP cage probing routine is mistakenly invoked while using genphy drivers. Because the probe runs under the RTNL locking mechanism, this incorrect path causes the kernel to deadlock on the RTNL lock. When the deadlock occurs, the network stack stalls and the system becomes unresponsive, effectively producing a denial of service. The weakness is a concurrency error described by CWE‑758.

Affected Systems

All Linux kernels that include the genphy code path for PHY drivers and are built without the patch commit 5a0082ec20a05ef2378410323a5089a8f1786f4a are vulnerable. Any distribution shipping an unpatched kernel prior to that commit is impacted, regardless of the distribution version number.

Risk and Exploitability

The CVSS score of 5.5 classifies the flaw as moderately severe. The EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, further suggesting limited real‑world abuse. Based on the description, it is inferred that an attacker would need local or privileged access to the network subsystem to trigger the deadlock, such as by reconfiguring or reloading network drivers, although this is not explicitly stated. The likely attack vector would therefore involve local or privileged actions rather than remote exploitation.

Generated by OpenCVE AI on June 30, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that removes SFP probing from genphy drivers (commit 5a0082ec20a05ef2378410323a5089a8f1786f4a).
  • Upgrade the kernel to a version released after the patch if a direct patch cannot be applied.
  • If an upgrade is not feasible, disable SFP cage support in the kernel configuration or avoid using genphy drivers by reconfiguring network interfaces until the patch is installed.

Generated by OpenCVE AI on June 30, 2026 at 02:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Thu, 25 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-758

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY probing runs under RTNL, which isn't the case for non-genphy drivers. This problem was reproduced, and does lead to a deadlock on RTNL. Before the blamed commit, the phy_sfp_probe() call was made by individual PHY drivers, so there was no way to get to the SFP probing path when using genphy. Let's therefore only run phy_sfp_probe when not using genphy.
Title net: phy: don't try to setup PHY-driven SFP cages when using genphy
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:29.871Z

Reserved: 2026-06-09T07:44:35.393Z

Link: CVE-2026-53231

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53231 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T02:30:05Z

Weaknesses
  • CWE-758

    Reliance on Undefined, Unspecified, or Implementation-Defined Behavior