Nigel Kirkland

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the nvme-fc module, specifically in the nvme fc io getuuid function. The nvme fc fcp op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme fc io getuuid passing a pointer to an nvmefc fcp req for an AEN operation. To fix this issue, validation of the request structure pointer has been added before dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.