60 matches found
EUVD-2026-39323
In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't call sfp_bus_del_upstream() in the probe failure path, so let's add it, otherwise the sfp-bus is left with a dangling 'upstream' field, that may be...
CVE-2026-53232
In the Linux kernel, this CVE covers a fix in net: phy: clean the sfp upstream if phy probing fails. Sashiko noted that sfp_bus_del_upstream() was not invoked on probe failure, leaving the sfp-bus with a dangling upstream field that could be used later during SFP events. The issue predates the ge...
EUVD-2026-39322
In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfp_bus_add_upstream() for genphy deadlocks,...
CVE-2026-53231
The CVE describes a Linux kernel vulnerability in the net: phy subsystem where PHY-driven SFP cages were being initialized for genphy, which is not supported, leading to a potential RTNL deadlock. Root cause: genphy PHY probing runs under RTNL, unlike non-genphy drivers, allowing sfp_bus probing ...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: sfp: fixed a memory leak in sfp_probe() The sfp_probe() function allocates a memory chunk from the sfp structure using sfp_alloc(). When devm_add_action() fails, the sfp structure is not freed, resulting in a memory leak. We should use...
CVE-2023-4888
The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-201902
An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...
CVE-2025-41752
An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...
CVE-2025-41752 Reflected XSS vulnerability in pxc_portSfp.php
An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...
CVE-2025-41752
CVE-2025-41752 describes a reflected XSS in pxc_portSfp.php that can be exploited by an unauthenticated attacker to entice an authenticated user to click a malicious link and modify device configuration via web-based management. The vulnerability is reported as affecting PHOENIX CONTACT FL SWITCH...
PT-2025-49823
An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989812)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989812 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfp_probe() sfp_probe() allocates a memory chunk from sfp with sfp_alloc()...
EUVD-2016-9444
Malware in sbrugna...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986631)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986631 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfp_probe() sfp_probe() allocates a memory chunk from sfp with sfp_alloc()...
EUVD-2022-27381
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-8597
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying netwo...
SUSE CVE-2022-49619
In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfp_probe() sfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When devm_add_action() fails, sfp is not freed, which leads to a memory leak. We should use devm_add_action_or_reset() instead of devm_add_action()...
UBUNTU-CVE-2022-49619
In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfp_probe() sfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When devm_add_action() fails, sfp is not freed, which leads to a memory leak. We should use devm_add_action_or_reset() instead of devm_add_action()...
CVE-2022-49619 net: sfp: fix memory leak in sfp_probe()
In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfp_probe() sfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When devm_add_action() fails, sfp is not freed, which leads to a memory leak. We should use devm_add_action_or_reset() instead of devm_add_action()...
PT-2025-8552 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the sfp_probe() function. This function allocates memory using sfp_alloc(), but when devm_add_action() fails, the...