CVE-2026-23206 – dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

CVE ID : CVE-2026-23206

Published : Feb. 14, 2026, 5:15 p.m. | 1 hour, 14 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

The driver allocates arrays for ports, FDBs, and filter blocks using
kcalloc() with ethsw->sw_attr.num_ifs as the element count. When the
device reports zero interfaces (either due to hardware configuration
or firmware issues), kcalloc(0, …) returns ZERO_SIZE_PTR (0x10)
instead of NULL.

Later in dpaa2_switch_probe(), the NAPI initialization unconditionally
accesses ethsw->ports[0]->netdev, which attempts to dereference
ZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.

Add a check to ensure num_ifs is greater than zero after retrieving
device attributes. This prevents the zero-sized allocations and
subsequent invalid pointer dereference.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…