CVE-2026-53231
Analyzed Analyzed - Analysis Complete

PHY-Driven SFP Cage Deadlock in Linux Kernel

Vulnerability report for CVE-2026-53231, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-02

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY probing runs under RTNL, which isn't the case for non-genphy drivers. This problem was reproduced, and does lead to a deadlock on RTNL. Before the blamed commit, the phy_sfp_probe() call was made by individual PHY drivers, so there was no way to get to the SFP probing path when using genphy. Let's therefore only run phy_sfp_probe when not using genphy.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-02
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 7.0 (inc) to 7.0.13 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's network PHY (physical layer) code related to SFP (Small Form-factor Pluggable) cages. Specifically, the issue arises when the genphy driver is used. The kernel attempts to set up PHY-driven SFP cages even though genphy does not support this. Running the function sfp_bus_add_upstream() for genphy causes a deadlock because PHY probing under genphy runs under the RTNL (rtnetlink) lock, unlike non-genphy drivers. This leads to a deadlock situation on RTNL.

The fix involves changing the code so that phy_sfp_probe() is only called when not using genphy, preventing the deadlock scenario.

Impact Analysis

This vulnerability can cause a deadlock in the Linux kernel's network PHY code when using genphy drivers with SFP cages. A deadlock in RTNL can halt or severely disrupt network-related operations, potentially causing system instability or degraded network performance.

Mitigation Strategies

The vulnerability is resolved by ensuring that the Linux kernel does not attempt to setup PHY-driven SFP cages when using genphy, as this leads to a deadlock.

Immediate mitigation involves updating the Linux kernel to a version that includes the fix where phy_sfp_probe() is only run when not using genphy.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53231. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart