CVE-2026-31736 PUBLISHED

net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled

Assigner: Linux
Reserved: 09.03.2026 Published: 01.05.2026 Updated: 01.05.2026

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled

If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth->netdev[0] will be NULL but the code will directly try to access netdev_ops.

Instead of just checking for the first net_device, it must be checked if any of the mtk_eth net_devices is matching the netdev_ops of the ingress device.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 73cfd947dbdb25ef9863ac49c4596a7d53ad4025 to 0b832aad33e6f160fda310f0306a6483d85e9d6e (excl.)
  • affected from 73cfd947dbdb25ef9863ac49c4596a7d53ad4025 to 5dff799c677152dde963c3917bacd9127b03e145 (excl.)
  • affected from 73cfd947dbdb25ef9863ac49c4596a7d53ad4025 to 7b2380f0a0e374010c1a4a13203511b9dee5b166 (excl.)
  • affected from 73cfd947dbdb25ef9863ac49c4596a7d53ad4025 to 976ff48c2ac6e6b25b01428c9d7997bcd0fb2949 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.11 is affected
  • unaffected from 0 to 6.11 (excl.)
  • unaffected from 6.12.81 to 6.12.* (incl.)
  • unaffected from 6.18.22 to 6.18.* (incl.)
  • unaffected from 6.19.12 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References