CVE-2026-53232EXPLOITEDPATCHED

linux · linux kernel

net: phy: clean the sfp upstream if phy probing fails

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfp_bus_del_upstream() in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be used later on during SFP events. This issue existed before the generic phylib sfp support, back when drivers were calling phy_sfp_probe themselves.

Affected Products

Vendor	Product	Versions
linux	linux kernel	298e54fa810e027f1b0800d789eb862592721f08, 5.5

References

https://git.kernel.org/stable/c/48774e87bbaa0056819d4b52301e4692e50e3252

Related News (3 articles)

Tier A

Microsoft MSRC2h ago

CVE-2026-53232 net: phy: clean the sfp upstream if phy probing fails

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-53232 | Linux Kernel net sfp_bus_del_upstream privilege escalation

→ No new info (linked only)

Tier C

Linux Kernel CVEs3d ago

CVE-2026-53232: net: phy: clean the sfp upstream if phy probing fails

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

48774e87bbaa0056819d4b52301e4692e50e3252

PublishedJun 25, 2026

Last enriched2d agov3

Trending Score62

Source articles3

Independent3

Info Completeness8/14

Missing: cvss, epss, cwe, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

Trending: 111

HIGHCVE-2026-43284EXPKEV

xfrm: esp: avoid in-place decrypt on shared skb frags

Trending: 106

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Trending: 100

HIGHCVE-2026-46243EXP

smb: client: reject userspace cifs.spnego descriptions

Trending: 86

HIGHCVE-2026-46333EXP

ptrace: slightly saner 'get_dumpable()' logic

Trending: 70

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 25, 2026

Discovered by ZDM

Jun 25, 2026

Updated: description, severity

Jun 25, 2026

Updated: description, affectedVersions, exploitAvailable, activelyExploited, patchAvailable

Jun 25, 2026

Actively Exploited

Jun 28, 2026

Exploit Available

Jun 28, 2026

Patch Available

Jun 28, 2026

Version History

Last enriched 2d ago

v3Tier C2d ago

Updated description with technical details, marked exploit as available, and noted active exploitation.

descriptionaffectedVersionsexploitAvailableactivelyExploitedpatchAvailable

via Linux Kernel CVEs

v2Tier C3d ago

Updated severity to CRITICAL, corrected exploit availability to false, and provided a new description detailing the privilege escalation vulnerability.

descriptionseverity

via VulDB

v13d ago

Initial creation