CVE-2026-53231
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk0th percentile — higher than 0% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found where it attempts to set up PHY-driven SFP cages when using the generic genphy driver. This leads to a deadlock on the RTNL lock because for genphy, PHY probing runs under RTNL, unlike other drivers.
Risk Assessment
A deadlock on the RTNL lock can cause a complete system hang or network failure, disrupting critical services.
Recommendation
Immediately update the Linux kernel to a version containing the fix that only calls phy_sfp_probe when not using genphy.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfp_bus_add_upstream() for genphy deadlocks, as for genphy the PHY probing runs under RTNL, which isn't the case for non-genphy drivers. This problem was reproduced, and does lead to a deadlock on RTNL. Before the blamed commit, the phy_sfp_probe() call was made by individual PHY drivers, so there was no way to get to the SFP probing path when using genphy. Let's therefore only run phy_sfp_probe when not using genphy.

