CVE Catalog

CVE-2026-53231

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

0th percentile — higher than 0% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found where it attempts to set up PHY-driven SFP cages when using the generic genphy driver. This leads to a deadlock on the RTNL lock because for genphy, PHY probing runs under RTNL, unlike other drivers.

Risk Assessment

A deadlock on the RTNL lock can cause a complete system hang or network failure, disrupting critical services.

Recommendation

Immediately update the Linux kernel to a version containing the fix that only calls phy_sfp_probe when not using genphy.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY probing runs under RTNL, which isn't the case for non-genphy drivers. This problem was reproduced, and does lead to a deadlock on RTNL. Before the blamed commit, the phy_sfp_probe() call was made by individual PHY drivers, so there was no way to get to the SFP probing path when using genphy. Let's therefore only run phy_sfp_probe when not using genphy.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS