CVE-2026-46287

In the Linux kernel, the following vulnerability has been resolved:

net: txgbe: fix RTNL assertion warning when remove module

For the copper NIC with external PHY, the driver called phylink connect phy() during probe and phylink disconnect phy() during remove. It caused an RTNL assertion warning in phylink disconnect phy() upon module remove.

To fix this, add rtnl lock() and rtnl unlock() around the phylink disconnect phy() in remove function.

------------[ cut here ]------------ RTNL: assertion failed at drivers/net/phy/phylink.c (2351) WARNING: drivers/net/phy/phylink.c:2351 at phylink disconnect phy+0xd8/0xf0 [phylink], CPU#0: rmmod/4464 Modules linked in: ... CPU: 0 UID: 0 PID: 4464 Comm: rmmod Kdump: loaded Not tainted 7.0.0-rc4+ Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 RIP: 0010:phylink disconnect phy+0xe4/0xf0 [phylink] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 f6 31 ff e9 3a 38 8f e7 48 8d 3d 48 87 e2 ff ba 2f 09 00 00 48 c7 c6 c1 22 24 c0 <67> 48 0f b9 3a e9 34 ff ff ff 66 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffce7288363ac0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff89654b2a1a00 RCX: 0000000000000000 RDX: 000000000000092f RSI: ffffffffc02422c1 RDI: ffffffffc0239020 RBP: ffffce7288363ae8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8964c4022000 R13: ffff89654fce3028 R14: ffff89654ebb4000 R15: ffffffffc0226348 FS: 0000795e80d93780(0000) GS:ffff896c52857000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005b528b592000 CR3: 0000000170d0f000 CR4: 0000000000f50ef0 PKRU: 55555554 Call Trace: txgbe remove phy+0xbb/0xd0 [txgbe] txgbe remove+0x4c/0xb0 [txgbe] pci device remove+0x41/0xb0 device remove+0x43/0x80 device release driver internal+0x206/0x270 driver detach+0x4a/0xa0 bus remove driver+0x83/0x120 driver unregister+0x2f/0x60 pci unregister driver+0x40/0x90 txgbe driver exit+0x10/0x850 [txgbe] do sys delete module.isra.0+0x1c3/0x2f0 x64 sys delete module+0x12/0x20 x64 sys call+0x20c3/0x2390 do syscall 64+0x11c/0x1500 ? srso alias return thunk+0x5/0xfbef5 ? do syscall 64+0x15a/0x1500 ? srso alias return thunk+0x5/0xfbef5 ? do fault+0x312/0x580 ? srso alias return thunk+0x5/0xfbef5 ? handle mm fault+0x9d5/0x1040 ? srso alias return thunk+0x5/0xfbef5 ? count memcg events+0x101/0x1d0 ? srso alias return thunk+0x5/0xfbef5 ? handle mm fault+0x1e8/0x2f0 ? srso alias return thunk+0x5/0xfbef5 ? do user addr fault+0x2f8/0x820 ? srso alias return thunk+0x5/0xfbef5 ? irqentry exit+0xb2/0x600 ? srso alias return thunk+0x5/0xfbef5 ? exc page fault+0x92/0x1c0 entry SYSCALL 64 after hwframe+0x76/0x7e