CVE-2026-53232

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: phy: clean the sfp upstream if phy probing fails

Sashiko reported that we don't call sfp_bus_del_upstream() in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be used later on during SFP events.

This issue existed before the generic phylib sfp support, back when drivers were calling phy_sfp_probe themselves.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux298e54fa810e027f1b0800d789eb862592721f08 < 48774e87bbaa0056819d4b52301e4692e50e3252affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References