Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-43173— net: ethernet: xscale: Check for PTP support properly

AI Predicted 5.5 Difficulty: Moderate EPSS 0.01% · P2

Possible ATT&CK Techniques 1AI

T1059 · Command and Scripting Interpreter

Affected Version Matrix 16

VendorProductVersion RangeStatus
LinuxLinux9055a2f591629b952910503e72ddae1371c44bf1< 144dde3146985b25fa84d4e4b7c3d11e0f5fc5a4affected
9055a2f591629b952910503e72ddae1371c44bf1< 5195b10c34b8993194ad12ad7d8f54d861be084baffected
9055a2f591629b952910503e72ddae1371c44bf1< 322437972f0a712767f6920ad34aba25f2e9b942affected
9055a2f591629b952910503e72ddae1371c44bf1< 21d1e80d0d6e7d0c3cd8b1e001ed1fa92fb9f3f5affected
9055a2f591629b952910503e72ddae1371c44bf1< 2d74412dfd3621552a394d55cc3dd26a7cbf608eaffected
9055a2f591629b952910503e72ddae1371c44bf1< cbecebd35909f6cd0f6fb773f0fb73da99e02f8caffected
9055a2f591629b952910503e72ddae1371c44bf1< 594163ea88a03bdb412063af50fc7177ef3cbeaeaffected
5.15affected
… +8 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-43173

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net: ethernet: xscale: Check for PTP support properly
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: xscale: Check for PTP support properly In ixp4xx_get_ts_info() ixp46x_ptp_find() is called unconditionally despite this feature only existing on ixp46x, leading to the following splat from tcpdump: root@OpenWrt:~# tcpdump -vv -X -i eth0 (...) Unable to handle kernel NULL pointer dereference at virtual address 00000238 when read (...) Call trace: ptp_clock_index from ixp46x_ptp_find+0x1c/0x38 ixp46x_ptp_find from ixp4xx_get_ts_info+0x4c/0x64 ixp4xx_get_ts_info from __ethtool_get_ts_info+0x90/0x108 __ethtool_get_ts_info from __dev_ethtool+0xa00/0x2648 __dev_ethtool from dev_ethtool+0x160/0x234 dev_ethtool from dev_ioctl+0x2cc/0x460 dev_ioctl from sock_ioctl+0x1ec/0x524 sock_ioctl from sys_ioctl+0x51c/0xa94 sys_ioctl from ret_fast_syscall+0x0/0x44 (...) Segmentation fault Check for ixp46x in ixp46x_ptp_find() before trying to set up PTP to avoid this. To avoid altering the returned error code from ixp4xx_hwtstamp_set() which before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP from ixp4xx_hwtstamp_set() if ixp46x_ptp_find() fails no matter the error code. The helper function ixp46x_ptp_find() helper returns -ENODEV.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在ixp4xx_get_ts_info中无条件调用ixp46x_ptp_find,可能导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 9055a2f591629b952910503e72ddae1371c44bf1 ~ 144dde3146985b25fa84d4e4b7c3d11e0f5fc5a4 -
LinuxLinux 5.15 -

II. Public POCs for CVE-2026-43173

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-43173

登录查看更多情报信息。
Patch · 7

Same Patch Batch · Linux · 2026-05-06 · 225 CVEs total

CVE-2026-431859.8 CRITICALksmbd: fix signededness bug in smb_direct_prepare_negotiation()
CVE-2026-431869.8 CRITICALipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()
CVE-2026-432089.8 CRITICALnet: do not pass flow_id to set_rps_cpu()
CVE-2026-431989.8 CRITICALtcp: fix potential race in tcp_v6_syn_recv_sock()
CVE-2026-431259.8 CRITICALdlm: validate length in dlm_search_rsb_tree
CVE-2026-431149.4 CRITICALnetfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry
CVE-2026-431179.1 CRITICALbtrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()
CVE-2026-430839.1 CRITICALnet: ioam6: fix OOB and missing lock
CVE-2026-431979.1 CRITICALnetconsole: avoid OOB reads, msg is not nul-terminated
CVE-2026-432328.8 HIGHnet: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets
CVE-2026-431128.8 HIGHfs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath
CVE-2026-431138.8 HIGHwifi: wl1251: validate packet IDs before indexing tx_frames
CVE-2026-431108.8 HIGHwifi: brcmfmac: validate bsscfg indices in IF events
CVE-2026-431878.8 HIGHxfs: delete attr leaf freemap entries when empty
CVE-2026-432158.8 HIGHcifs: Fix locking usage for tcon fields
CVE-2026-431768.8 HIGHwifi: rtw89: pci: validate release report content before using for RTL8922DE
CVE-2026-432838.8 HIGHnet: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
CVE-2026-431588.8 HIGHxfs: fix freemap adjustments when adding xattrs to leaf blocks
CVE-2026-432398.8 HIGHsmb: client: prevent races in ->query_interfaces()
CVE-2026-432498.8 HIGH9p/xen: protect xen_9pfs_front_free against concurrent calls

Showing top 20 of 225 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2026-43173

No comments yet

Leave a comment