Description
In the Linux kernel, the following vulnerability has been resolved:

net: phy: clean the sfp upstream if phy probing fails

Sashiko reported that we don't call sfp_bus_del_upstream() in the probe
failure path, so let's add it, otherwise the sfp-bus is left with a
dangling 'upstream' field, that may be used later on during SFP events.

This issue existed before the generic phylib sfp support, back when
drivers were calling phy_sfp_probe themselves.
Published: 2026-06-25
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel firmware for SFP devices omits a cleanup step when a PHY probe fails, leaving the SFP bus object with a dangling upstream reference. When the device later processes an SFP event that reads this stale pointer, undefined kernel behavior can occur, potentially causing a crash and a denial of service. This is a classic use‑after‑free vulnerability (CWE‑459).

Affected Systems

All Linux kernel builds that enable the generic PhyLib SFP support and have not yet incorporated the commit that adds sfp_bus_del_upstream() in the probe failure path are affected. Legacy drivers that performed direct calls to phy_sfp_probe before the generic support are also vulnerable unless the kernel has been updated past commit 48774e87bbaa0056819d4b52301e4692e50e3252.

Risk and Exploitability

The CVSS score of 8.8 underscores a high severity level, yet the EPSS of less than 1% indicates a very low probability of exploitation in the wild. The vulnerability is not yet listed in CISA’s KEV catalog. Based on the description, it is inferred that exploitation would require an attacker to induce a PHY probe failure—likely by controlling a device that performs probing—and then trigger an SFP event that reads the dangling upstream pointer. While no public exploits exist, this scenario is achievable on systems where the attacker has sufficient local privilege to influence PHY probing, making the risk moderate and primarily a denial‑of‑service threat.

Generated by OpenCVE AI on June 28, 2026 at 14:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel that incorporates commit 48774e87bbaa0056819d4b52301e4692e50e3252, which removes the dangling upstream reference.
  • If a kernel upgrade cannot be performed immediately, backport this commit into the current kernel source, rebuild the kernel, and reboot.
  • If SFP support is not required for the environment, unload or disable the phylib‑SFP module to eliminate the vulnerable code path.

Generated by OpenCVE AI on June 28, 2026 at 14:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Jul 2026 11:45:00 +0000


Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 26 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CWE-476

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CWE-476

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfp_bus_del_upstream() in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be used later on during SFP events. This issue existed before the generic phylib sfp support, back when drivers were calling phy_sfp_probe themselves.
Title net: phy: clean the sfp upstream if phy probing fails
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-16T11:13:52.974Z

Reserved: 2026-06-09T07:44:35.393Z

Link: CVE-2026-53232

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53232 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:15:08Z

Weaknesses