Skip to main content

Linux Kernel CVE-2026-31736

| EUVDEUVD-2026-26549 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 17:07 vuln.today
CVSS changed
May 07, 2026 - 17:07 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:02 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26549
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled

If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth->netdev[0] will be NULL but the code will directly try to access netdev_ops.

Instead of just checking for the first net_device, it must be checked if any of the mtk_eth net_devices is matching the netdev_ops of the ingress device.

AnalysisAI

Denial of service via NULL pointer dereference in the MediaTek Ethernet PPE (packet processing engine) driver occurs when gmac0 (the primary ethernet interface) is disabled on affected systems. A local authenticated attacker can trigger a kernel crash by sending traffic through the networking stack when the driver incorrectly checks for a valid ingress device without verifying if the first network device pointer is actually initialized. The vulnerability affects Linux kernel versions prior to fixes released in stable branches 6.18.22, 6.12.81, 6.19.12, and 7.0.

Technical ContextAI

The MediaTek ethernet driver (mtk_ppe) manages packet processing for MediaTek SoCs, particularly the gmac (Gigabit MAC) interfaces. The vulnerability exists in the ingress device validation logic within the packet processing engine. When gmac0 is disabled via device tree configuration or module parameters, the eth->netdev[0] pointer remains NULL. The vulnerable code directly dereferences this NULL pointer when accessing netdev_ops without first validating that the pointer is non-NULL, triggering a NULL pointer dereference (CWE-476). The fix involves iterating through all registered network devices in the mtk_eth structure to match against the ingress device, rather than assuming the first device is always valid. This is a common pattern in Linux drivers managing multiple ethernet interfaces on a single hardware unit.

RemediationAI

Apply kernel patches available from Linux stable branches: upgrade to kernel 6.18.22 or later for the 6.18 branch, 6.12.81 or later for 6.12, 6.19.12 or later for 6.19, or 7.0 or later for the main branch. Patch commits are available at https://git.kernel.org/stable/c/0b832aad33e6f160fda310f0306a6483d85e9d6e, https://git.kernel.org/stable/c/5dff799c677152dde963c3917bacd9127b03e145, https://git.kernel.org/stable/c/7b2380f0a0e374010c1a4a13203511b9dee5b166, and https://git.kernel.org/stable/c/976ff48c2ac6e6b25b01428c9d7997bcd0fb2949. For systems that cannot immediately patch, restrict local user access to unprivileged accounts through standard Unix privilege management (remove or limit local user accounts that are not required), as the vulnerability requires PR:L (local authentication). If gmac0 is intentionally disabled, verify that your system configuration does not attempt network operations that would traverse the disabled interface. Device tree or kernel command-line parameters that disable gmac0 should be reviewed to ensure they align with actual hardware deployment.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31736 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy