{"id":"CVE-2026-53323","summary":"net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops\n\nDSA replaces the conduit (master) device's ethtool_ops with its own\nwrappers that aggregate stats from both the conduit and DSA switch\nports. Taking the lock again inside the DSA wrappers causes a deadlock.\n\nStumbled upon this when booting qemu with fbnic and CONFIG_NET_DSA_LOOP=y\n(which looks like some kind of testing device that auto-populates the ports\nof eth0). `ethtool -i` is enough to deadlock. This means we have basically zero\ncoverage for DSA stuff with real ops locked devs.\n\nRemove the redundant netdev_lock_ops()/netdev_unlock_ops() calls from\nthe DSA conduit ethtool wrappers.","modified":"2026-07-08T08:07:31.552064379Z","published":"2026-06-26T19:41:13.926Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53323.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0f99e0c3e19badaf3fdced0d3feba623e59eed41"},{"type":"WEB","url":"https://git.kernel.org/stable/c/74d64ae4254e99ef8c8215b057a76edac82c5f99"},{"type":"WEB","url":"https://git.kernel.org/stable/c/abe91fd045874d21834482adcd7a9693e7377056"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53323.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53323"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2bcf4772e45adb00649a4e9cbff14b08a144f9e3"},{"fixed":"74d64ae4254e99ef8c8215b057a76edac82c5f99"},{"fixed":"abe91fd045874d21834482adcd7a9693e7377056"},{"fixed":"0f99e0c3e19badaf3fdced0d3feba623e59eed41"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53323.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.15.0"},{"fixed":"6.18.33"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53323.json"}}],"schema_version":"1.7.5"}