In the Linux kernel, the following vulnerability has been resolved:

vfio/cdx: Fix NULL pointer dereference in interrupt trigger path

Add validation to ensure MSI is configured before accessing cdx_irqs array in vfio_cdx_set_msi_trigger(). Without this check, userspace can trigger a NULL pointer dereference by calling VFIO_DEVICE_SET_IRQS with VFIO_IRQ_SET_DATA_BOOL or VFIO_IRQ_SET_DATA_NONE flags before ever setting up interrupts via VFIO_IRQ_SET_DATA_EVENTFD.

The vfio_cdx_msi_enable() function allocates the cdx_irqs array and sets config_msi to 1 only when called through the EVENTFD path. The trigger loop (for DATA_BOOL/DATA_NONE) assumed this had already been done, but there was no enforcement of this call ordering.

This matches the protection used in the PCI VFIO driver where vfio_pci_set_msi_trigger() checks irq_is() before the trigger loop.
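The call-ordering check described above, as an added userspace model in C; it is not the kernel patch or the driver's code. The `model_*` and `demo_*` names, the flag constants and the `-EINVAL` return value are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed stand-ins for the VFIO_IRQ_SET_DATA_* flags. */
enum { DATA_NONE = 1, DATA_BOOL = 2, DATA_EVENTFD = 4 };
struct model_dev {          /* hypothetical model of the driver state */
    int *cdx_irqs;          /* per-vector trigger count; NULL until enabled */
    unsigned int msi_count;
    int config_msi;         /* set to 1 only by the EVENTFD path */
};

static int model_msi_enable(struct model_dev *d, unsigned int nvec)
{
    d->cdx_irqs = calloc(nvec, sizeof(*d->cdx_irqs));
    d->msi_count = d->cdx_irqs ? nvec : 0;
    d->config_msi = d->cdx_irqs != NULL;
    return d->config_msi ? 0 : -ENOMEM;
}

int model_set_msi_trigger(struct model_dev *d, unsigned int start,
                          unsigned int count, int flags, const unsigned char *bools)
{
    if (flags & DATA_EVENTFD)
        return d->config_msi ? 0 : model_msi_enable(d, start + count);
    /* Ordering check: refuse to trigger before MSI is configured. */
    if (!d->config_msi || start > d->msi_count || count > d->msi_count - start)
        return -EINVAL;     /* error code is an assumption of this model */
    for (unsigned int i = 0; i < count; i++)
        if ((flags & DATA_NONE) || ((flags & DATA_BOOL) && bools && bools[i]))
            d->cdx_irqs[start + i]++;
    return 0;
}

/* Trigger with no prior EVENTFD setup: rejected, cdx_irqs never touched. */
int demo_trigger_before_setup(void)
{
    struct model_dev d = {0};
    return model_set_msi_trigger(&d, 0, 1, DATA_NONE, NULL);
}

/* EVENTFD setup for 2 vectors, then one trigger on vector 1. */
int demo_trigger_after_setup(void)
{
    struct model_dev d = {0};
    int rc = model_set_msi_trigger(&d, 0, 2, DATA_EVENTFD, NULL);
    rc = rc ? rc : model_set_msi_trigger(&d, 1, 1, DATA_NONE, NULL);
    int fired = rc ? rc : d.cdx_irqs[1];
    free(d.cdx_irqs);
    return fired;
}
int main(void) { return demo_trigger_before_setup() == -EINVAL ? 0 : 1; }
```

Without the `!d->config_msi` test, the first demo would index a NULL `cdx_irqs` pointer, which is the condition the fix removes.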