VYPR
Medium severity5.5NVD Advisory· Published May 1, 2026· Updated May 7, 2026

CVE-2026-31736

CVE-2026-31736

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled

If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth->netdev[0] will be NULL but the code will directly try to access netdev_ops.

Instead of just checking for the first net_device, it must be checked if any of the mtk_eth net_devices is matching the netdev_ops of the ingress device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

33

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.