CVE Catalog

CVE-2026-43219

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

In the Linux kernel, a vulnerability in the cpsw_new network driver may cause an attempt to unregister a network device that has not been registered yet. This occurs when an error happens during the registration of the first MAC, leaving the second MAC unchanged, potentially leading to an incorrect unregister_netdev() call.

Risk Assessment

The risk involves potential network disruption or system crash due to attempting to unregister an unregistered network device, which could lead to system instability.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix that adds a check for the registration state before calling unregister_netdev().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: cpsw_new: Fix potential unregister of netdev that has not been registered yet If an error occurs during register_netdev() for the first MAC in cpsw_register_ports(), even though cpsw->slaves[0].ndev is set to NULL, cpsw->slaves[1].ndev would remain unchanged. This could later cause cpsw_unregister_ports() to attempt unregistering the second MAC. To address this, add a check for ndev->reg_state before calling unregister_netdev(). With this change, setting cpsw->slaves[i].ndev to NULL becomes unnecessary and can be removed accordingly.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS