Linux Kernel dpaa2 Switch Zero-Size Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's dpaa2 switch driver can lead to a null pointer dereference, causing a kernel panic. This issue arises when the driver allocates arrays for ports, forwarding databases, and filter blocks using the number of interfaces reported by the device. If the device indicates zero interfaces due to hardware or firmware issues, the allocation function returns a zero-size pointer instead of null. The subsequent initialization process then attempts to access this invalid pointer, leading to a crash. The vulnerability has been addressed by adding a check to ensure the number of interfaces is greater than zero before proceeding with the initialization.

Impact

The vulnerability causes a kernel panic by attempting to dereference a zero-size pointer, which crashes the system.

Reproduction

To reproduce this vulnerability, use a device with the dpaa2 switch driver that reports zero interfaces. This can be due to specific hardware configurations or firmware issues. When the driver initializes, it will attempt to access the first port's network device, which triggers the null pointer dereference and causes a kernel panic.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.