CVE-2026-53323
MEDIUMnet: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops DSA replaces the conduit (master) device's ethtool_ops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again inside the DSA wrappers causes a deadlock. Stumbled upon this when booting qemu with fbnic and CONFIG_NET_DSA_LOOP=y (which looks like some kind of testing device that auto-populates the ports of eth0). `ethtool -i` is enough to deadlock. This means we have basically zero coverage for DSA stuff with real ops locked devs. Remove the redundant netdev_lock_ops()/netdev_unlock_ops() calls from the DSA conduit ethtool wrappers.
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
0.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-667
Status
published
Products (11)
linux/Kernel
6.15.0 - 6.18.33linux
linux/Kernel
6.19.0 - 7.0.10linux
Linux/Linux
< 6.15
Linux/Linux
2bcf4772e45adb00649a4e9cbff14b08a144f9e3 - 0f99e0c3e19badaf3fdced0d3feba623e59eed41
Linux/Linux
2bcf4772e45adb00649a4e9cbff14b08a144f9e3 - 74d64ae4254e99ef8c8215b057a76edac82c5f99
Linux/Linux
2bcf4772e45adb00649a4e9cbff14b08a144f9e3 - abe91fd045874d21834482adcd7a9693e7377056
Linux/Linux
6.15
Linux/Linux
6.18.33 - 6.18.*
Linux/Linux
7.0.10 - 7.0.*
Linux/Linux
7.1
... and 1 more
Published
Jun 26, 2026
Tracked Since
Jun 27, 2026