Jiazi Li

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to a NULL pointer dereference in the Linux kernel when completing IO. The issue arises when `dm io dec pending()` calls `end io acct()` first, followed by decrementing the in-flight pending count. If a task is swapping the DM table at the same time, it can result in a crash due to `mempool->elements` being NULL. The call trace includes functions such as `mempool free()`, `bio put()`, `dec pending()`, `clone endio()`, and `bio endio()`. To fix this, establish pointers to `struct dm io` members in `dm io dec pending()` to pass into `end io acct()` after `free io()` is called, and move `end io acct()` after `free io()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.