Stefan Raspl

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises when `qeth set online()` calls `qeth clear working pool list()` to roll back after an error exit from `qeth hardsetup card()`, potentially accessing `card->qdio.in q` before it was allocated by `qeth alloc qdio queues()` via `qeth mpc initialize()`. This can lead to a NULL dereference, causing the system to scribble over the CPU's lowcore, resulting in a crash when those lowcore areas are used next. The scenario typically occurs when the device is first set online and its queues aren't allocated yet, and an early IO error or certain misconfigurations cause an error exit from `qeth hardsetup card()` with `card->qdio.in q` still being NULL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.