Vulnerability Details CVE-2026-53231
In the Linux kernel, the following vulnerability has been resolved:
net: phy: don't try to setup PHY-driven SFP cages when using genphy
We don't have support for PHY-driver SFP cages with the genphy code.
On top of that, it was found by sashiko that running
sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY
probing runs under RTNL, which isn't the case for non-genphy drivers.
This problem was reproduced, and does lead to a deadlock on RTNL.
Before the blamed commit, the phy_sfp_probe() call was made by
individual PHY drivers, so there was no way to get to the SFP probing
path when using genphy.
Let's therefore only run phy_sfp_probe when not using genphy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 0.5%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2026-53231
-
cpe:2.3:o:linux:linux_kernel:7.0
-
cpe:2.3:o:linux:linux_kernel:7.0.1
-
cpe:2.3:o:linux:linux_kernel:7.0.10
-
cpe:2.3:o:linux:linux_kernel:7.0.2
-
cpe:2.3:o:linux:linux_kernel:7.0.3
-
cpe:2.3:o:linux:linux_kernel:7.0.5
-
cpe:2.3:o:linux:linux_kernel:7.0.6
-
cpe:2.3:o:linux:linux_kernel:7.1