In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled
If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth->netdev[0] will be NULL but the code will directly try to access netdev_ops.
Instead of just checking for the first netdevice, it must be checked if any of the mtketh netdevices is matching the netdevops of the ingress device.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31736.json",
"cna_assigner": "Linux"
}