CVE-2026-43173

Source
https://cve.org/CVERecord?id=CVE-2026-43173
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43173.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43173
Downstream
Published
2026-05-06T11:27:48.097Z
Modified
2026-06-18T03:56:44.226723409Z
Summary
net: ethernet: xscale: Check for PTP support properly
Details

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: xscale: Check for PTP support properly

In ixp4xxgettsinfo() ixp46xptp_find() is called unconditionally despite this feature only existing on ixp46x, leading to the following splat from tcpdump:

root@OpenWrt:~# tcpdump -vv -X -i eth0 (...) Unable to handle kernel NULL pointer dereference at virtual address 00000238 when read (...) Call trace: ptpclockindex from ixp46xptpfind+0x1c/0x38 ixp46xptpfind from ixp4xxgettsinfo+0x4c/0x64 ixp4xxgettsinfo from __ethtoolgetts_info+0x90/0x108 __ethtoolgetts_info from __dev_ethtool+0xa00/0x2648 _devethtool from devethtool+0x160/0x234 devethtool from devioctl+0x2cc/0x460 devioctl from sockioctl+0x1ec/0x524 sockioctl from sysioctl+0x51c/0xa94 sysioctl from retfastsyscall+0x0/0x44 (...) Segmentation fault

Check for ixp46x in ixp46xptpfind() before trying to set up PTP to avoid this.

To avoid altering the returned error code from ixp4xxhwtstampset() which before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP from ixp4xxhwtstampset() if ixp46xptpfind() fails no matter the error code. The helper function ixp46xptpfind() helper returns -ENODEV.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43173.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9055a2f591629b952910503e72ddae1371c44bf1
Fixed
322437972f0a712767f6920ad34aba25f2e9b942
Fixed
21d1e80d0d6e7d0c3cd8b1e001ed1fa92fb9f3f5
Fixed
2d74412dfd3621552a394d55cc3dd26a7cbf608e
Fixed
cbecebd35909f6cd0f6fb773f0fb73da99e02f8c
Fixed
594163ea88a03bdb412063af50fc7177ef3cbeae

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43173.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43173.json"