CVE-2026-53232

HIGH

net: phy: clean the sfp upstream if phy probing fails

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfp_bus_del_upstream() in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be used later on during SFP events. This issue existed before the generic phylib sfp support, back when drivers were calling phy_sfp_probe themselves.

Scores

CVSS v3 8.8
EPSS 0.0022
EPSS Percentile 12.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (6)
Linux/Linux < 5.5
Linux/Linux 298e54fa810e027f1b0800d789eb862592721f08 - 48774e87bbaa0056819d4b52301e4692e50e3252
Linux/Linux 5.5
Linux/Linux 7.1
linux/linux_kernel 7.1 rc1 (7 CPE variants)
linux/linux_kernel 5.5 - 7.1
Published Jun 25, 2026
Tracked Since Jun 25, 2026