{"api_version":"1","generated_at":"2026-05-06T16:46:29+00:00","cve":"CVE-2026-43173","urls":{"html":"https://cve.report/CVE-2026-43173","api":"https://cve.report/api/cve/CVE-2026-43173.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43173","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43173"},"summary":{"title":"net: ethernet: xscale: Check for PTP support properly","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: xscale: Check for PTP support properly\n\nIn ixp4xx_get_ts_info() ixp46x_ptp_find() is called\nunconditionally despite this feature only existing on\nixp46x, leading to the following splat from tcpdump:\n\nroot@OpenWrt:~# tcpdump -vv -X -i eth0\n(...)\nUnable to handle kernel NULL pointer dereference at virtual address\n  00000238 when read\n(...)\nCall trace:\n ptp_clock_index from ixp46x_ptp_find+0x1c/0x38\n ixp46x_ptp_find from ixp4xx_get_ts_info+0x4c/0x64\n ixp4xx_get_ts_info from __ethtool_get_ts_info+0x90/0x108\n __ethtool_get_ts_info from __dev_ethtool+0xa00/0x2648\n __dev_ethtool from dev_ethtool+0x160/0x234\n dev_ethtool from dev_ioctl+0x2cc/0x460\n dev_ioctl from sock_ioctl+0x1ec/0x524\n sock_ioctl from sys_ioctl+0x51c/0xa94\n sys_ioctl from ret_fast_syscall+0x0/0x44\n (...)\nSegmentation fault\n\nCheck for ixp46x in ixp46x_ptp_find() before trying to set up\nPTP to avoid this.\n\nTo avoid altering the returned error code from ixp4xx_hwtstamp_set()\nwhich before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP\nfrom ixp4xx_hwtstamp_set() if ixp46x_ptp_find() fails no matter\nthe error code. The helper function ixp46x_ptp_find() helper\nreturns -ENODEV.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-06 12:16:35","updated_at":"2026-05-06 13:07:51"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/2d74412dfd3621552a394d55cc3dd26a7cbf608e","name":"https://git.kernel.org/stable/c/2d74412dfd3621552a394d55cc3dd26a7cbf608e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/5195b10c34b8993194ad12ad7d8f54d861be084b","name":"https://git.kernel.org/stable/c/5195b10c34b8993194ad12ad7d8f54d861be084b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/cbecebd35909f6cd0f6fb773f0fb73da99e02f8c","name":"https://git.kernel.org/stable/c/cbecebd35909f6cd0f6fb773f0fb73da99e02f8c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/322437972f0a712767f6920ad34aba25f2e9b942","name":"https://git.kernel.org/stable/c/322437972f0a712767f6920ad34aba25f2e9b942","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/594163ea88a03bdb412063af50fc7177ef3cbeae","name":"https://git.kernel.org/stable/c/594163ea88a03bdb412063af50fc7177ef3cbeae","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/21d1e80d0d6e7d0c3cd8b1e001ed1fa92fb9f3f5","name":"https://git.kernel.org/stable/c/21d1e80d0d6e7d0c3cd8b1e001ed1fa92fb9f3f5","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/144dde3146985b25fa84d4e4b7c3d11e0f5fc5a4","name":"https://git.kernel.org/stable/c/144dde3146985b25fa84d4e4b7c3d11e0f5fc5a4","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43173","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43173","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9055a2f591629b952910503e72ddae1371c44bf1 144dde3146985b25fa84d4e4b7c3d11e0f5fc5a4 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9055a2f591629b952910503e72ddae1371c44bf1 5195b10c34b8993194ad12ad7d8f54d861be084b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9055a2f591629b952910503e72ddae1371c44bf1 322437972f0a712767f6920ad34aba25f2e9b942 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9055a2f591629b952910503e72ddae1371c44bf1 21d1e80d0d6e7d0c3cd8b1e001ed1fa92fb9f3f5 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9055a2f591629b952910503e72ddae1371c44bf1 2d74412dfd3621552a394d55cc3dd26a7cbf608e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9055a2f591629b952910503e72ddae1371c44bf1 cbecebd35909f6cd0f6fb773f0fb73da99e02f8c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9055a2f591629b952910503e72ddae1371c44bf1 594163ea88a03bdb412063af50fc7177ef3cbeae git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.15","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.202 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.165 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.128 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.75 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.16 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.6 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/ethernet/xscale/ixp4xx_eth.c","drivers/net/ethernet/xscale/ptp_ixp46x.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"144dde3146985b25fa84d4e4b7c3d11e0f5fc5a4","status":"affected","version":"9055a2f591629b952910503e72ddae1371c44bf1","versionType":"git"},{"lessThan":"5195b10c34b8993194ad12ad7d8f54d861be084b","status":"affected","version":"9055a2f591629b952910503e72ddae1371c44bf1","versionType":"git"},{"lessThan":"322437972f0a712767f6920ad34aba25f2e9b942","status":"affected","version":"9055a2f591629b952910503e72ddae1371c44bf1","versionType":"git"},{"lessThan":"21d1e80d0d6e7d0c3cd8b1e001ed1fa92fb9f3f5","status":"affected","version":"9055a2f591629b952910503e72ddae1371c44bf1","versionType":"git"},{"lessThan":"2d74412dfd3621552a394d55cc3dd26a7cbf608e","status":"affected","version":"9055a2f591629b952910503e72ddae1371c44bf1","versionType":"git"},{"lessThan":"cbecebd35909f6cd0f6fb773f0fb73da99e02f8c","status":"affected","version":"9055a2f591629b952910503e72ddae1371c44bf1","versionType":"git"},{"lessThan":"594163ea88a03bdb412063af50fc7177ef3cbeae","status":"affected","version":"9055a2f591629b952910503e72ddae1371c44bf1","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/net/ethernet/xscale/ixp4xx_eth.c","drivers/net/ethernet/xscale/ptp_ixp46x.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"5.15"},{"lessThan":"5.15","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.202","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.165","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.128","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.75","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.16","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.6","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.202","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.165","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.128","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.75","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.16","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.6","versionStartIncluding":"5.15","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"5.15","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: xscale: Check for PTP support properly\n\nIn ixp4xx_get_ts_info() ixp46x_ptp_find() is called\nunconditionally despite this feature only existing on\nixp46x, leading to the following splat from tcpdump:\n\nroot@OpenWrt:~# tcpdump -vv -X -i eth0\n(...)\nUnable to handle kernel NULL pointer dereference at virtual address\n  00000238 when read\n(...)\nCall trace:\n ptp_clock_index from ixp46x_ptp_find+0x1c/0x38\n ixp46x_ptp_find from ixp4xx_get_ts_info+0x4c/0x64\n ixp4xx_get_ts_info from __ethtool_get_ts_info+0x90/0x108\n __ethtool_get_ts_info from __dev_ethtool+0xa00/0x2648\n __dev_ethtool from dev_ethtool+0x160/0x234\n dev_ethtool from dev_ioctl+0x2cc/0x460\n dev_ioctl from sock_ioctl+0x1ec/0x524\n sock_ioctl from sys_ioctl+0x51c/0xa94\n sys_ioctl from ret_fast_syscall+0x0/0x44\n (...)\nSegmentation fault\n\nCheck for ixp46x in ixp46x_ptp_find() before trying to set up\nPTP to avoid this.\n\nTo avoid altering the returned error code from ixp4xx_hwtstamp_set()\nwhich before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP\nfrom ixp4xx_hwtstamp_set() if ixp46x_ptp_find() fails no matter\nthe error code. The helper function ixp46x_ptp_find() helper\nreturns -ENODEV."}],"providerMetadata":{"dateUpdated":"2026-05-06T11:27:48.097Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/144dde3146985b25fa84d4e4b7c3d11e0f5fc5a4"},{"url":"https://git.kernel.org/stable/c/5195b10c34b8993194ad12ad7d8f54d861be084b"},{"url":"https://git.kernel.org/stable/c/322437972f0a712767f6920ad34aba25f2e9b942"},{"url":"https://git.kernel.org/stable/c/21d1e80d0d6e7d0c3cd8b1e001ed1fa92fb9f3f5"},{"url":"https://git.kernel.org/stable/c/2d74412dfd3621552a394d55cc3dd26a7cbf608e"},{"url":"https://git.kernel.org/stable/c/cbecebd35909f6cd0f6fb773f0fb73da99e02f8c"},{"url":"https://git.kernel.org/stable/c/594163ea88a03bdb412063af50fc7177ef3cbeae"}],"title":"net: ethernet: xscale: Check for PTP support properly","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43173","datePublished":"2026-05-06T11:27:48.097Z","dateReserved":"2026-05-01T14:12:55.991Z","dateUpdated":"2026-05-06T11:27:48.097Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-06 12:16:35","lastModifiedDate":"2026-05-06 13:07:51","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43173","Ordinal":"1","Title":"net: ethernet: xscale: Check for PTP support properly","CVE":"CVE-2026-43173","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43173","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: xscale: Check for PTP support properly\n\nIn ixp4xx_get_ts_info() ixp46x_ptp_find() is called\nunconditionally despite this feature only existing on\nixp46x, leading to the following splat from tcpdump:\n\nroot@OpenWrt:~# tcpdump -vv -X -i eth0\n(...)\nUnable to handle kernel NULL pointer dereference at virtual address\n  00000238 when read\n(...)\nCall trace:\n ptp_clock_index from ixp46x_ptp_find+0x1c/0x38\n ixp46x_ptp_find from ixp4xx_get_ts_info+0x4c/0x64\n ixp4xx_get_ts_info from __ethtool_get_ts_info+0x90/0x108\n __ethtool_get_ts_info from __dev_ethtool+0xa00/0x2648\n __dev_ethtool from dev_ethtool+0x160/0x234\n dev_ethtool from dev_ioctl+0x2cc/0x460\n dev_ioctl from sock_ioctl+0x1ec/0x524\n sock_ioctl from sys_ioctl+0x51c/0xa94\n sys_ioctl from ret_fast_syscall+0x0/0x44\n (...)\nSegmentation fault\n\nCheck for ixp46x in ixp46x_ptp_find() before trying to set up\nPTP to avoid this.\n\nTo avoid altering the returned error code from ixp4xx_hwtstamp_set()\nwhich before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP\nfrom ixp4xx_hwtstamp_set() if ixp46x_ptp_find() fails no matter\nthe error code. The helper function ixp46x_ptp_find() helper\nreturns -ENODEV.","Type":"Description","Title":"net: ethernet: xscale: Check for PTP support properly"}]}}}