CVE-2026-31736

Source
https://cve.org/CVERecord?id=CVE-2026-31736
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31736.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31736
Downstream
Related
Published
2026-05-01T14:14:33.583Z
Modified
2026-07-15T01:48:55.661306760Z
Summary
net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled

If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth->netdev[0] will be NULL but the code will directly try to access netdev_ops.

Instead of just checking for the first netdevice, it must be checked if any of the mtketh netdevices is matching the netdevops of the ingress device.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31736.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
73cfd947dbdb25ef9863ac49c4596a7d53ad4025
Fixed
0b832aad33e6f160fda310f0306a6483d85e9d6e
Fixed
5dff799c677152dde963c3917bacd9127b03e145
Fixed
7b2380f0a0e374010c1a4a13203511b9dee5b166
Fixed
976ff48c2ac6e6b25b01428c9d7997bcd0fb2949

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31736.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.12.81
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.22
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31736.json"