Description
In the Linux kernel, the following vulnerability has been resolved:

net: phy: don't try to setup PHY-driven SFP cages when using genphy

We don't have support for PHY-driver SFP cages with the genphy code.

On top of that, it was found by sashiko that running
sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY
probing runs under RTNL, which isn't the case for non-genphy drivers.

This problem was reproduced, and does lead to a deadlock on RTNL.

Before the blamed commit, the phy_sfp_probe() call was made by
individual PHY drivers, so there was no way to get to the SFP probing
path when using genphy.

Let's therefore only run phy_sfp_probe when not using genphy.
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

When the generic PHY driver (genphy) is in use, the kernel's PHY code attempts PHY-driven SFP cage probing, a path that was never intended for genphy. With genphy, PHY probing runs under the RTNL lock, so the call to sfp_bus_add_upstream() deadlocks on RTNL and halts the kernel's network stack. Work that depends on the lock can no longer make progress, the system becomes unresponsive, and the result is a denial of service. The weakness is a concurrency error that permits a local attacker to trigger a kernel deadlock.

Affected Systems

All Linux kernels that include the genphy code path for PHY drivers are vulnerable. The flaw appears in any distribution that ships a kernel built before the patch commit 5a0082ec20a05ef2378410323a5089a8f1786f4a. The vendor is Linux, though no specific version range is listed in the advisory; any kernel compiled without the fix is impacted.

Risk and Exploitability

The vulnerability has no publicly available exploit, and its EPSS score is not released. Successful exploitation requires local access or control over network interfaces to load or reconfigure drivers, and the outcome is a high-impact kernel deadlock. The lack of a KEV listing suggests limited exploitation exposure, but the severity of the denial of service remains significant.

Generated by OpenCVE AI on June 25, 2026 at 12:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that removes SFP probing from genphy drivers (commit 5a0082ec20a05ef2378410323a5089a8f1786f4a).
  • If an upgrade is not possible, disable SFP cage support or avoid using genphy drivers by modifying network configuration or unloading affected modules until the fix is applied.
  • Continuously monitor system logs for RTNL deadlock messages or SFP probing errors to verify that the corrected code is running.
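
One way to do the log check in the last item, as an added example that is not OpenCVE's or the kernel project's code: it scans kernel log text for hung-task reports in which rtnl_lock() was entered from the SFP probing functions named in the description. It assumes the hung-task detector (CONFIG_DETECT_HUNG_TASK) is enabled and reports the stuck task; the function names `find_rtnl_sfp_hangs` and `blocked_in_sfp_probe` and the sample log are constructed for illustration.

```python
import re

# Header printed by the kernel hung-task detector (needs CONFIG_DETECT_HUNG_TASK).
HUNG_RE = re.compile(r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than \d+ seconds")
# Call-trace frame, e.g. " ? rtnl_lock+0x17/0x20" or " phy_probe+0x1a4/0x2c0 [libphy]".
FRAME_RE = re.compile(r"^\s*(?:\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]")  # dmesg timestamp prefix
# Functions named in the CVE description; rtnl_lock() is the RTNL acquire call.
SFP_PATH = {"phy_sfp_probe", "sfp_bus_add_upstream"}

def blocked_in_sfp_probe(frames):
    """True if rtnl_lock() was entered from the SFP probing path.
    Frames are innermost first, so callers follow rtnl_lock in the list."""
    if "rtnl_lock" not in frames:
        return False
    return any(sym in SFP_PATH for sym in frames[frames.index("rtnl_lock") + 1:])

def find_rtnl_sfp_hangs(log_text):
    """Return (comm, pid) for each hung-task report matching the CVE's path."""
    reports = []
    for raw in log_text.splitlines():
        line = TS_RE.sub("", raw)
        header = HUNG_RE.search(line)
        frame = FRAME_RE.match(line)
        if header:
            reports.append((header["comm"], int(header["pid"]), []))
        elif frame and reports:
            reports[-1][2].append(frame["sym"])
    return [(comm, pid) for comm, pid, frames in reports if blocked_in_sfp_probe(frames)]

# Constructed sample (not from a real system): task 812 is stuck in the SFP path,
# task 977 is an ordinary RTNL waiter queued behind it.
SAMPLE_LOG = """\
[  363.100001] INFO: task ip:812 blocked for more than 120 seconds.
[  363.100002] Call Trace:
[  363.100003]  __schedule+0x2d0/0x8a0
[  363.100004]  __mutex_lock+0x1f0/0x5c0
[  363.100005]  rtnl_lock+0x17/0x20
[  363.100006]  sfp_bus_add_upstream+0x2c/0xa0
[  363.100007]  phy_sfp_probe+0x48/0x70 [libphy]
[  363.100008]  phy_probe+0x1a4/0x2c0 [libphy]
[  363.200001] INFO: task kworker/u8:2:977 blocked for more than 120 seconds.
[  363.200002] Call Trace:
[  363.200003]  rtnl_lock+0x17/0x20
[  363.200004]  linkwatch_event+0xe/0x30
"""
```

Feed it the output of `dmesg` or the kernel journal; on a kernel carrying the fix, no report should match.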


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 13:00:00 +0000

Values added (none removed):
  • Weaknesses: CWE-758

Thu, 25 Jun 2026 09:15:00 +0000

Values added (none removed):
  • Description: the text shown in the Description section at the top of this page
  • Title: net: phy: don't try to setup PHY-driven SFP cages when using genphy
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:29.871Z

Reserved: 2026-06-09T07:44:35.393Z

Link: CVE-2026-53231

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T12:45:15Z

Weaknesses
  • CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior