CVE-2026-43173

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: ethernet: xscale: Check for PTP support properly<br /> <br /> In ixp4xx_get_ts_info() ixp46x_ptp_find() is called<br /> unconditionally despite this feature only existing on<br /> ixp46x, leading to the following splat from tcpdump:<br /> <br /> root@OpenWrt:~# tcpdump -vv -X -i eth0<br /> (...)<br /> Unable to handle kernel NULL pointer dereference at virtual address<br /> 00000238 when read<br /> (...)<br /> Call trace:<br /> ptp_clock_index from ixp46x_ptp_find+0x1c/0x38<br /> ixp46x_ptp_find from ixp4xx_get_ts_info+0x4c/0x64<br /> ixp4xx_get_ts_info from __ethtool_get_ts_info+0x90/0x108<br /> __ethtool_get_ts_info from __dev_ethtool+0xa00/0x2648<br /> __dev_ethtool from dev_ethtool+0x160/0x234<br /> dev_ethtool from dev_ioctl+0x2cc/0x460<br /> dev_ioctl from sock_ioctl+0x1ec/0x524<br /> sock_ioctl from sys_ioctl+0x51c/0xa94<br /> sys_ioctl from ret_fast_syscall+0x0/0x44<br /> (...)<br /> Segmentation fault<br /> <br /> Check for ixp46x in ixp46x_ptp_find() before trying to set up<br /> PTP to avoid this.<br /> <br /> To avoid altering the returned error code from ixp4xx_hwtstamp_set()<br /> which before this patch was -EOPNOTSUPP, we return -EOPNOTSUPP<br /> from ixp4xx_hwtstamp_set() if ixp46x_ptp_find() fails no matter<br /> the error code. The helper function ixp46x_ptp_find() helper<br /> returns -ENODEV.