CVE-2026-31736
NULL Dereference in Linux Kernel MTK PPE Ethernet Driver
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ethernet driver for the MediaTek PPE (mtk_ppe). When the gmac0 interface is disabled, the code attempts to access a network device pointer that is NULL, leading to a NULL pointer dereference and causing the system to crash.
Specifically, the code checks only the first network device (eth->netdev[0]) without verifying if it is valid. If gmac0 is disabled, this pointer is NULL, but the code still tries to access its operations (netdev_ops), resulting in a crash.
The fix involves checking all mtk_eth network devices to find one matching the ingress device's netdev_ops instead of just the first device.
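A simplified user-space C model of the flawed check and of the fix described above, added here as an illustration; it is not the kernel's mtk_ppe code. The struct names, function names and the three-slot array size are assumptions, and only `netdev[0]` and `netdev_ops` are taken from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_DEVS 3 /* assumed slot count for this model */

/* Simplified stand-ins for the kernel structures (model only). */
struct model_netdev_ops { int id; };
struct model_netdev { const struct model_netdev_ops *netdev_ops; };
struct model_eth { struct model_netdev *netdev[MODEL_MAX_DEVS]; };

/* Flawed pattern: trusts slot 0. Dereferences NULL when gmac0 is disabled. */
bool ingress_is_ours_slot0_only(const struct model_eth *eth,
                                const struct model_netdev *idev)
{
    return idev->netdev_ops == eth->netdev[0]->netdev_ops;
}

/* Fixed pattern: walk every slot, skip empty ones, compare netdev_ops. */
bool ingress_is_ours_all_slots(const struct model_eth *eth,
                               const struct model_netdev *idev)
{
    for (size_t i = 0; i < MODEL_MAX_DEVS; i++) {
        if (!eth->netdev[i])
            continue; /* disabled GMAC: no device in this slot */
        if (eth->netdev[i]->netdev_ops == idev->netdev_ops)
            return true;
    }
    return false;
}

/* Constructed scenario: gmac0 disabled (slot 0 NULL), gmac1 present. */
int demo_gmac0_disabled(void)
{
    static const struct model_netdev_ops mtk_ops = { 1 }, other_ops = { 2 };
    struct model_netdev gmac1 = { &mtk_ops };
    struct model_netdev foreign = { &other_ops };
    struct model_eth eth = { { NULL, &gmac1, NULL } };

    /* bit 0: own device recognised, bit 1: foreign device recognised */
    return (ingress_is_ours_all_slots(&eth, &gmac1) ? 1 : 0) |
           (ingress_is_ours_all_slots(&eth, &foreign) ? 2 : 0);
}

int main(void)
{
    printf("result=%d\n", demo_gmac0_disabled());
    return 0;
}
```

The slot-0-only function is safe to call only when slot 0 is populated, which is why the constructed scenario exercises the all-slots version alone.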
How can this vulnerability impact me?
This vulnerability can cause the affected Linux system to crash due to a NULL pointer dereference when the gmac0 ethernet interface is disabled.
Such a crash can lead to denial of service, interrupting normal operations and potentially causing data loss or system downtime.