Julian Wiedmann

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential NULL pointer dereference in the `ethtool set coalesce()` function. This function uses both the `.get coalesce()` and `.set coalesce()` callbacks, but the check for their availability is buggy. As a result, changing the coalesce settings on a device where the driver provides only one of the callbacks can lead to a NULL pointer dereference instead of an error. The condition has been fixed to ensure the availability of both callbacks, which also matches the netlink code. This issue only affects the legacy ioctl path and requires a specific combination of driver options. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises when the `device add()` function for a `smcd dev` fails, resulting in a corrupted list due to the lack of a cleanup step that removes the device from the `smcd dev list`. This occurs because the device is freed after the failure, but its earlier addition to the list is not rolled back. The resolution involves adding error handling to remove the device from the list in the event of a `device add()` failure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.