CVE-2026-23206

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero<br /> <br /> The driver allocates arrays for ports, FDBs, and filter blocks using<br /> kcalloc() with ethsw-&gt;sw_attr.num_ifs as the element count. When the<br /> device reports zero interfaces (either due to hardware configuration<br /> or firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10)<br /> instead of NULL.<br /> <br /> Later in dpaa2_switch_probe(), the NAPI initialization unconditionally<br /> accesses ethsw-&gt;ports[0]-&gt;netdev, which attempts to dereference<br /> ZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.<br /> <br /> Add a check to ensure num_ifs is greater than zero after retrieving<br /> device attributes. This prevents the zero-sized allocations and<br /> subsequent invalid pointer dereference.