CVE-2026-53232 in Linux
Summary
by MITRE • 06/25/2026
In the Linux kernel, the following vulnerability has been resolved:
net: phy: clean the sfp upstream if phy probing fails
Sashiko reported that we don't call sfp_bus_del_upstream() in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be used later on during SFP events.
This issue existed before the generic phylib sfp support, back when drivers were calling phy_sfp_probe themselves.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/25/2026
The vulnerability involves a critical resource management flaw in the Linux kernel's phy subsystem where the SFP (Small Form-factor Pluggable) bus upstream reference is not properly cleaned up during PHY probing failures. This represents a classic dangling pointer scenario that can lead to system instability and potential security implications when handling hot-pluggable network modules. The issue affects the networking stack's ability to maintain consistent state when PHY devices fail to initialize properly, creating a condition where references point to invalid memory locations or stale data structures.
The technical flaw stems from an incomplete error handling path in the SFP bus initialization process within the phy subsystem. When the phy_sfp_probe function encounters a failure during device probing, it fails to invoke sfp_bus_del_upstream() to properly clean up the upstream reference in the SFP bus structure. This leaves the 'upstream' field in a dangling state where it continues to reference a previously allocated resource that may have been freed or reallocated. The vulnerability specifically impacts the generic phylib SFP support framework and existed even before its introduction, indicating a long-standing deficiency in the error handling code path.
The operational impact of this vulnerability manifests when SFP modules are hot-plugged or removed from systems running affected kernel versions. If PHY probing fails during module insertion, subsequent SFP events may attempt to access the dangling upstream reference causing system crashes, memory corruption, or unexpected behavior in network operations. This can result in complete network service disruption and potentially allow for denial of service conditions where legitimate network traffic is blocked due to kernel instability. The vulnerability affects any system utilizing SFP modules with PHY devices that rely on the phylib framework for management.
Mitigation strategies should focus on ensuring proper error handling in all code paths, particularly those involving resource allocation and cleanup operations. The fix requires adding explicit sfp_bus_del_upstream() calls in the probe failure path to maintain consistent state management. Organizations should prioritize kernel updates to versions containing the patched implementation, as this vulnerability can be exploited through normal network module operations without requiring special privileges. Security monitoring should include detection of system crashes or unexpected network behavior related to SFP module handling, with particular attention to error logs indicating resource management issues in the phy subsystem.
This vulnerability aligns with CWE-415: Double Free and CWE-416: Use After Free categories from the Common Weakness Enumeration catalog, representing improper resource management that can lead to system instability. From an ATT&CK framework perspective, this maps to T1499.004: Endpoint Denial of Service, where adversaries could potentially exploit this condition to disrupt network services through controlled SFP module operations. The issue also demonstrates characteristics of T1566.002: Phishing via Service, as the vulnerability may manifest during normal network administration tasks involving hot-pluggable modules. Proper input validation and resource state management should be enforced throughout the phy subsystem to prevent similar conditions in other kernel components that handle dynamic hardware device management.