Description
In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled

If the gmac0 is disabled, the precheck for a valid ingress device will
cause a NULL pointer deref and crash the system. This happens because
eth->netdev[0] will be NULL but the code will directly try to access
netdev_ops.

Instead of just checking for the first net_device, it must be checked if
any of the mtk_eth net_devices is matching the netdev_ops of the ingress
device.
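The check described above, as a simplified userspace model added here for illustration (not the mtk_ppe driver's code). The `model_*` types, `MODEL_MAX_DEVS` and the function names are assumptions; the boards are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_DEVS 3 /* assumed number of GMAC slots in this model */

struct model_ops { int id; };
struct model_netdev { const struct model_ops *netdev_ops; };
struct model_eth { struct model_netdev *netdev[MODEL_MAX_DEVS]; };

/* Before: only slot 0 is consulted. With gmac0 disabled, netdev[0] is NULL
 * and this dereference is the crash the description reports. */
bool ingress_ok_before(const struct model_eth *eth, const struct model_netdev *idev)
{
    return idev->netdev_ops == eth->netdev[0]->netdev_ops;
}

/* After: accept the ingress device if any populated slot shares its ops. */
bool ingress_ok_after(const struct model_eth *eth, const struct model_netdev *idev)
{
    for (size_t i = 0; i < MODEL_MAX_DEVS; i++) {
        if (eth->netdev[i] && eth->netdev[i]->netdev_ops == idev->netdev_ops)
            return true;
    }
    return false;
}

static const struct model_ops mtk_ops = { 1 }, other_ops = { 2 };
static struct model_netdev gmac0 = { &mtk_ops }, gmac1 = { &mtk_ops };
static struct model_netdev foreign = { &other_ops };

/* Constructed boards: one with both GMACs, one with gmac0 disabled. */
static const struct model_eth full_board = { { &gmac0, &gmac1, NULL } };
static const struct model_eth no_gmac0 = { { NULL, &gmac1, NULL } };

bool both_agree_when_gmac0_present(void)
{
    return ingress_ok_before(&full_board, &gmac1) && ingress_ok_after(&full_board, &gmac1);
}
bool own_port_accepted_without_gmac0(void) { return ingress_ok_after(&no_gmac0, &gmac1); }
bool foreign_rejected_without_gmac0(void) { return !ingress_ok_after(&no_gmac0, &foreign); }

int main(void)
{
    printf("gmac0 present, both checks agree: %d\n", both_agree_when_gmac0_present());
    printf("gmac0 disabled, own port accepted: %d\n", own_port_accepted_without_gmac0());
    printf("gmac0 disabled, foreign rejected: %d\n", foreign_rejected_without_gmac0());
    return 0;
}
```

`ingress_ok_before` is deliberately never called with the `no_gmac0` board, since that call is the NULL dereference itself.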
Published: 2026-05-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel Ethernet driver for MediaTek (mtk_ppe) incorrectly accesses a null pointer when the first network device gmac0 is disabled, leading to a kernel crash. This null dereference results in a denial‑of‑service condition and is classified as CWE‑476.

Affected Systems

All Linux kernel installations that include the mtk_ppe driver are affected. No specific release numbers are listed, so any kernel containing this code path remains vulnerable until patched. The vendor is Linux.

Risk and Exploitability

The flaw is a pure denial‑of‑service with no authentication or privilege requirements. The EPSS score is not available and the vulnerability is not listed in KEV. The risk remains high because a straightforward trigger such as disabling gmac0 or manipulating network configuration will crash the host, disrupting service.

Generated by OpenCVE AI on May 1, 2026 at 23:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the mtk_ppe null‑dereference patch referenced in the listed commits.
  • If an update is not available, avoid disabling gmac0; keep the Ethernet device enabled to prevent the null pointer condition from occurring.
  • As a temporary measure, monitor kernel logs for ‘oops’ or ‘panic’ messages related to mtk_ppe and remediate promptly.

Advisories

No advisories yet.

History

Sat, 02 May 2026 00:15:00 +0000


Sat, 02 May 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-476 |

Fri, 01 May 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth->netdev[0] will be NULL but the code will directly try to access netdev_ops. Instead of just checking for the first net_device, it must be checked if any of the mtk_eth net_devices is matching the netdev_ops of the ingress device. |
| Title | | net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:14:33.583Z

Reserved: 2026-03-09T15:48:24.137Z

Link: CVE-2026-31736

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-01T15:16:36.240

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31736

Red Hat

Severity:

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31736 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-01T23:45:09Z

Weaknesses