CVE-2026-46287

Source
https://cve.org/CVERecord?id=CVE-2026-46287
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46287.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46287
Downstream
Related
Published
2026-06-08T15:41:30.791Z
Modified
2026-06-18T03:56:53.223078534Z
Summary
net: txgbe: fix RTNL assertion warning when remove module
Details

In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: fix RTNL assertion warning when remove module

For the copper NIC with external PHY, the driver called phylinkconnectphy() during probe and phylinkdisconnectphy() during remove. It caused an RTNL assertion warning in phylinkdisconnectphy() upon module remove.

To fix this, add rtnllock() and rtnlunlock() around the phylinkdisconnectphy() in remove function.

------------[ cut here ]------------ RTNL: assertion failed at drivers/net/phy/phylink.c (2351) WARNING: drivers/net/phy/phylink.c:2351 at phylinkdisconnectphy+0xd8/0xf0 [phylink], CPU#0: rmmod/4464 Modules linked in: ... CPU: 0 UID: 0 PID: 4464 Comm: rmmod Kdump: loaded Not tainted 7.0.0-rc4+ Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 RIP: 0010:phylinkdisconnectphy+0xe4/0xf0 [phylink] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 f6 31 ff e9 3a 38 8f e7 48 8d 3d 48 87 e2 ff ba 2f 09 00 00 48 c7 c6 c1 22 24 c0 <67> 48 0f b9 3a e9 34 ff ff ff 66 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffce7288363ac0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff89654b2a1a00 RCX: 0000000000000000 RDX: 000000000000092f RSI: ffffffffc02422c1 RDI: ffffffffc0239020 RBP: ffffce7288363ae8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8964c4022000 R13: ffff89654fce3028 R14: ffff89654ebb4000 R15: ffffffffc0226348 FS: 0000795e80d93780(0000) GS:ffff896c52857000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005b528b592000 CR3: 0000000170d0f000 CR4: 0000000000f50ef0 PKRU: 55555554 Call Trace: <TASK> txgberemovephy+0xbb/0xd0 [txgbe] txgberemove+0x4c/0xb0 [txgbe] pcideviceremove+0x41/0xb0 deviceremove+0x43/0x80 devicereleasedriverinternal+0x206/0x270 driverdetach+0x4a/0xa0 busremovedriver+0x83/0x120 driverunregister+0x2f/0x60 pciunregisterdriver+0x40/0x90 txgbedriver_exit+0x10/0x850 [txgbe] __dosysdelete_module.isra.0+0x1c3/0x2f0 __x64sysdeletemodule+0x12/0x20 x64syscall+0x20c3/0x2390 dosyscall64+0x11c/0x1500 ? srsoaliasreturnthunk+0x5/0xfbef5 ? dosyscall64+0x15a/0x1500 ? srsoaliasreturnthunk+0x5/0xfbef5 ? dofault+0x312/0x580 ? srsoaliasreturn_thunk+0x5/0xfbef5 ? _handlemmfault+0x9d5/0x1040 ? srsoaliasreturnthunk+0x5/0xfbef5 ? countmemcgevents+0x101/0x1d0 ? srsoaliasreturnthunk+0x5/0xfbef5 ? handlemmfault+0x1e8/0x2f0 ? srsoaliasreturnthunk+0x5/0xfbef5 ? douseraddrfault+0x2f8/0x820 ? srsoaliasreturnthunk+0x5/0xfbef5 ? irqentryexit+0xb2/0x600 ? srsoaliasreturnthunk+0x5/0xfbef5 ? excpagefault+0x92/0x1c0 entrySYSCALL64afterhwframe+0x76/0x7e

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46287.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
02b2a6f91b9042552bc3aa728622bda97e3916fa
Fixed
0305e7118451c7c363c18f8113b0d8e0077ffa4c
Fixed
3e223a7fd41ce6fffdb10577df9350385262bf33
Fixed
d29cafc7e4ee9e28a150ba17e9a565ec5d881fbc
Fixed
6c5ec52c68a6a442c8a159615ae092512562318a
Fixed
e159f05e12cc1111a3103b99375ddf0dfd0e7d63

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46287.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.88
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46287.json"