Linux · Linux Kernel · CVE-2024-26878
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A potential NULL pointer dereference has been resolved in the Linux kernel. The issue is caused by a race condition between the `dquot_free_inode` and `quota_off` functions: the `dquots` pointer is set to NULL after it has been checked, leading to a NULL pointer dereference. It can be triggered when `dquot_free_inode` or other routines check the inode's quota pointers before `quota_off` sets them to NULL and use them after that. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
- The `dquot_free_inode` function checks the inode's quota pointers.
- The `quota_off` function sets the `dquots` pointer to NULL.
- The `spin_lock` function is used to lock the `dq_dqb_lock` of the `dquots` pointer.
- The `srcu_read_lock` function is used to take the SRCU read lock.
- The `dquots[cnt] != NULL` check is performed to verify the `dquots` pointer.
- The `dquots[type] = NULL` statement sets the `dquots` pointer to NULL.
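
The check-then-use window described above, modelled in user-space C as an added example (not kernel code and not the upstream patch). `struct dquot_model`, `quota_off_model` and both `free_inode_*` functions are hypothetical names; the `between` hook replays the interleaving deterministically in one thread, and the model assumes the object itself outlives the reader.

```c
#include <stddef.h>
#include <stdio.h>
#define MAXQUOTAS 3                      /* constructed size for the per-inode slot array */
struct dquot_model { long curinodes; };  /* hypothetical stand-in for a dquot */

/* Hook that runs between the reader's check and its use, so the racing
 * writer's step can be replayed deterministically in one thread. */
typedef void (*interleave_fn)(struct dquot_model **dquots, int type);

/* Writer side: the "dquots[type] = NULL" step from the list above. */
static void quota_off_model(struct dquot_model **dquots, int type)
{
    __atomic_store_n(&dquots[type], (struct dquot_model *)0, __ATOMIC_RELEASE);
}

/* Racy shape: the slot is read once for the check and again for the use.
 * Returns 1 on success, 0 if no quota is attached, and -1 where the second
 * read sees NULL (the model reports it instead of dereferencing). */
static int free_inode_racy(struct dquot_model **dquots, int cnt, interleave_fn between)
{
    if (dquots[cnt] == NULL)
        return 0;
    if (between) between(dquots, cnt);
    if (dquots[cnt] == NULL)
        return -1;
    dquots[cnt]->curinodes--;
    return 1;
}

/* Single-read shape: load the slot once, then check and use that same value. */
static int free_inode_single_read(struct dquot_model **dquots, int cnt, interleave_fn between)
{
    struct dquot_model *dq = __atomic_load_n(&dquots[cnt], __ATOMIC_ACQUIRE);
    if (dq == NULL)
        return 0;
    if (between) between(dquots, cnt);
    dq->curinodes--;
    return 1;
}

int main(void)
{
    struct dquot_model d = { 5 };        /* constructed sample state */
    struct dquot_model *slots[MAXQUOTAS] = { &d, NULL, NULL };
    printf("racy: %d\n", free_inode_racy(slots, 0, quota_off_model));
    slots[0] = &d;
    printf("single read: %d\n", free_inode_single_read(slots, 0, quota_off_model));
    return 0;
}
```
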
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.