5.5

CVE-2026-23206

dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

The driver allocates arrays for ports, FDBs, and filter blocks using
kcalloc() with ethsw->sw_attr.num_ifs as the element count. When the
device reports zero interfaces (either due to hardware configuration
or firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10)
instead of NULL.

Later in dpaa2_switch_probe(), the NAPI initialization unconditionally
accesses ethsw->ports[0]->netdev, which attempts to dereference
ZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.

Add a check to ensure num_ifs is greater than zero after retrieving
device attributes. This prevents the zero-sized allocations and
subsequent invalid pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.13 < 5.15.200
LinuxLinux Kernel Version >= 5.16 < 6.1.163
LinuxLinux Kernel Version >= 6.2 < 6.6.124
LinuxLinux Kernel Version >= 6.7 < 6.12.70
LinuxLinux Kernel Version >= 6.13 < 6.18.10
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.018
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/2fcccca88456b592bd668db13aa1d29ed257ca2b
Patch
https://git.kernel.org/stable/c/80165ff16051448d6f840585ebe13f2400415df3
Patch
https://git.kernel.org/stable/c/b97415c4362f739e25ec6f71012277086fabdf6f
Patch
https://git.kernel.org/stable/c/4acc40db06ffd0fd92683505342b00c8a7394c60
Patch
https://git.kernel.org/stable/c/155eb99aff2920153bf21217ae29565fff81e6af
Patch
https://git.kernel.org/stable/c/ed48a84a72fefb20a82dd90a7caa7807e90c6f66
Patch