CVE-2026-43173
Awaiting Analysis Awaiting Analysis - Queue
NULL Pointer Dereference in Linux Kernel XScale Ethernet Driver

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: xscale: Check for PTP support properly In ixp4xx_get_ts_info() ixp46x_ptp_find() is called unconditionally despite this feature only existing on ixp46x, leading to the following splat from tcpdump: root@OpenWrt:~# tcpdump -vv -X -i eth0 (...) Unable to handle kernel NULL pointer dereference at virtual address 00000238 when read (...) Call trace: ptp_clock_index from ixp46x_ptp_find+0x1c/0x38 ixp46x_ptp_find from ixp4xx_get_ts_info+0x4c/0x64 ixp4xx_get_ts_info from __ethtool_get_ts_info+0x90/0x108 __ethtool_get_ts_info from __dev_ethtool+0xa00/0x2648 __dev_ethtool from dev_ethtool+0x160/0x234 dev_ethtool from dev_ioctl+0x2cc/0x460 dev_ioctl from sock_ioctl+0x1ec/0x524 sock_ioctl from sys_ioctl+0x51c/0xa94 sys_ioctl from ret_fast_syscall+0x0/0x44 (...) Segmentation fault Check for ixp46x in ixp46x_ptp_find() before trying to set up PTP to avoid this. To avoid altering the returned error code from ixp4xx_hwtstamp_set() which before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP from ixp4xx_hwtstamp_set() if ixp46x_ptp_find() fails no matter the error code. The helper function ixp46x_ptp_find() helper returns -ENODEV.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43173
EUVD
EUVD-2026-27734
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux_kernel linux_kernel *
linux linux_kernel to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when certain network tools like tcpdump attempt to access timestamping information on unsupported hardware. This results in a segmentation fault, leading to system instability or denial of service.


Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's ethernet driver for xscale processors. The function ixp4xx_get_ts_info() calls ixp46x_ptp_find() unconditionally, even though the feature it checks for only exists on ixp46x hardware. This leads to a NULL pointer dereference and a kernel crash (segmentation fault) when tcpdump or similar tools try to access timestamping information.

The issue occurs because the code does not properly check if the hardware supports Precision Time Protocol (PTP) before calling the function that sets up PTP. The fix involves adding a check for ixp46x hardware before attempting to set up PTP, preventing the kernel from crashing.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing a kernel NULL pointer dereference splat related to the ixp46x_ptp_find() function when using tcpdump on an affected system.

A suggested command to detect this issue is running tcpdump with verbose and hex output on the affected network interface, for example:

  • tcpdump -vv -X -i eth0

If the vulnerability is present, the output may include a kernel NULL pointer dereference error and a segmentation fault call trace involving ixp46x_ptp_find and ixp4xx_get_ts_info functions.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the kernel code checks for the presence of ixp46x before calling ixp46x_ptp_find(), thereby avoiding the NULL pointer dereference.

Specifically, the fix involves modifying ixp4xx_get_ts_info() to verify ixp46x support before attempting to set up PTP (Precision Time Protocol).

If you are using a Linux kernel version affected by this issue, update to a patched version where this check is implemented.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart