In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: xscale: Check for PTP support properly
In ixp4xxgettsinfo() ixp46xptp_find() is called unconditionally despite this feature only existing on ixp46x, leading to the following splat from tcpdump:
root@OpenWrt:~# tcpdump -vv -X -i eth0 (...) Unable to handle kernel NULL pointer dereference at virtual address 00000238 when read (...) Call trace: ptpclockindex from ixp46xptpfind+0x1c/0x38 ixp46xptpfind from ixp4xxgettsinfo+0x4c/0x64 ixp4xxgettsinfo from __ethtoolgetts_info+0x90/0x108 __ethtoolgetts_info from __dev_ethtool+0xa00/0x2648 _devethtool from devethtool+0x160/0x234 devethtool from devioctl+0x2cc/0x460 devioctl from sockioctl+0x1ec/0x524 sockioctl from sysioctl+0x51c/0xa94 sysioctl from retfastsyscall+0x0/0x44 (...) Segmentation fault
Check for ixp46x in ixp46xptpfind() before trying to set up PTP to avoid this.
To avoid altering the returned error code from ixp4xxhwtstampset() which before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP from ixp4xxhwtstampset() if ixp46xptpfind() fails no matter the error code. The helper function ixp46xptpfind() helper returns -ENODEV.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43173.json"
}