Linux · Linux Kernel · CVE-2024-41098
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.10.0-rc5
**Description**
A null pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs when the `ata_port_alloc()` call in `ata_host_alloc()` fails, causing `ata_host_release()` to be called. However, the code in `ata_host_release()` tries to free `ata_port` struct members unconditionally, leading to a page fault error. This can result in a system crash or potentially allow an attacker to execute arbitrary code.
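The failure path described above can be reproduced in a small user-space model. This is an added example, not kernel source: `struct port`, `struct host`, `sense_buf`, `host_alloc_demo()` and `fail_at` are hypothetical stand-ins for the libata structures and allocation path, and `malloc`/`free` stand in for the kernel allocators.

```c
#include <stdlib.h>
#define MAX_PORTS 8

/* Simplified user-space stand-ins for the libata structures (assumed layout). */
struct port { void *sense_buf; };
struct host { int n_ports; struct port *ports[MAX_PORTS]; };

/* Pattern from the description: members freed with no NULL check.
 * Faults on p->sense_buf for a slot that was never allocated. Contrast only. */
void host_release_unchecked(struct host *h)
{
    for (int i = 0; i < h->n_ports; i++) {
        struct port *p = h->ports[i];
        free(p->sense_buf);
        free(p);
    }
    free(h);
}

/* Guarded release: skips empty slots. Returns the number of ports freed. */
int host_release_checked(struct host *h)
{
    int freed = 0;
    for (int i = 0; i < h->n_ports; i++) {
        struct port *p = h->ports[i];
        if (!p)                 /* slot left NULL by a failed allocation */
            continue;
        free(p->sense_buf);
        free(p);
        freed++;
    }
    free(h);
    return freed;
}

/* Allocates n ports; fail_at simulates the failing port allocation (-1: none).
 * Always ends in the guarded release and returns how many ports it freed. */
int host_alloc_demo(int n, int fail_at)
{
    struct host *h = calloc(1, sizeof(*h));
    if (!h || n > MAX_PORTS) { free(h); return -1; }
    h->n_ports = n;             /* count is set before any port exists */
    for (int i = 0; i < n; i++) {
        if (i == fail_at || !(h->ports[i] = calloc(1, sizeof(struct port))))
            return host_release_checked(h);   /* error path: partial host */
        h->ports[i]->sense_buf = malloc(16);
    }
    return host_release_checked(h);
}
```

Because the port count is recorded before the ports are allocated, the release loop visits every slot, so the NULL check is what separates a clean error return from a fault in the unchecked variant.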
**Recommendations**
To resolve this issue, update the Linux kernel to a version later than 6.10.0-rc5.
As a temporary workaround, consider disabling the `ata_host_release()` function until a patch is available.
Restrict access to the `libata` module to minimize the risk of exploitation.
Avoid using the `ata_port_alloc()` and `ata_host_alloc()` functions in combination until the issue is resolved.
Apply configuration changes to prevent the `ata_host_release()` function from being called unnecessarily.