In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix possible crash when setting up bsg fails
If bsgsetupqueue() fails, the bsgqueue is assigned a non-NULL value. Consequently, in mpi3mrbsgexit(), the condition "if(!mrioc->bsgqueue)" will not be satisfied, preventing execution from entering bsgremovequeue(), which could lead to the following crash:
BUG: kernel NULL pointer dereference, address: 000000000000041c Call Trace: <TASK> mpi3mrbsgexit+0x1f/0x50 [mpi3mr] mpi3mrremove+0x6f/0x340 [mpi3mr] pcideviceremove+0x3f/0xb0 devicereleasedriverinternal+0x19d/0x220 unbindstore+0xa4/0xb0 kernfsfopwriteiter+0x11f/0x200 vfswrite+0x1fc/0x3e0 ksyswrite+0x67/0xe0 dosyscall64+0x38/0x80 entrySYSCALL64afterhwframe+0x78/0xe2