CVE-2026-53231
Received Received - Intake
PHY-Driven SFP Cage Deadlock in Linux Kernel

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY probing runs under RTNL, which isn't the case for non-genphy drivers. This problem was reproduced, and does lead to a deadlock on RTNL. Before the blamed commit, the phy_sfp_probe() call was made by individual PHY drivers, so there was no way to get to the SFP probing path when using genphy. Let's therefore only run phy_sfp_probe when not using genphy.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53231
EUVD
EUVD-2026-39322
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's network PHY (physical layer) code related to SFP (Small Form-factor Pluggable) cages. Specifically, the issue arises when the genphy driver is used. The kernel attempts to set up PHY-driven SFP cages even though genphy does not support this. Running the function sfp_bus_add_upstream() for genphy causes a deadlock because PHY probing under genphy runs under the RTNL (rtnetlink) lock, unlike non-genphy drivers. This leads to a deadlock situation on RTNL.

The fix involves changing the code so that phy_sfp_probe() is only called when not using genphy, preventing the deadlock scenario.

Impact Analysis

This vulnerability can cause a deadlock in the Linux kernel's network PHY code when using genphy drivers with SFP cages. A deadlock in RTNL can halt or severely disrupt network-related operations, potentially causing system instability or degraded network performance.

Mitigation Strategies

The vulnerability is resolved by ensuring that the Linux kernel does not attempt to setup PHY-driven SFP cages when using genphy, as this leads to a deadlock.

Immediate mitigation involves updating the Linux kernel to a version that includes the fix where phy_sfp_probe() is only run when not using genphy.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53231. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart