CVE-2026-23206

Severity
5.5 MEDIUM
EPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 14

Description

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc() with ethsw->sw_attr.num_ifs as the element count. When the device reports zero interfaces (either due to hardware configuration or firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10) instead of NULL. Later in dpaa2_switch_probe(), the NAPI initialization unconditionally

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD linux/linux_kernel 5.13 5.15.200 +5
CVEListV5 linux/linux 0b1b71370458860579831e77485883fcf2e8fbbe 2fcccca88456b592bd668db13aa1d29ed257ca2b +6
Debian linux < 6.1.164-1 +2
Debian linux-6.1 < 6.1.164-1~deb11u1

Patches

🔴Vulnerability Details

3
CVEList
dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero 2026-02-14
GHSA
GHSA-x2mr-3x78-f97g: In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero The driver 2026-02-14
OSV
CVE-2026-23206: In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero The driver al 2026-02-14

📋Vendor Advisories

2
Red Hat
kernel: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero 2026-02-14
Debian
CVE-2026-23206: linux - In the Linux kernel, the following vulnerability has been resolved: dpaa2-switc... 2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23206 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23206 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io