In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.
In the Linux kernel, the following vulnerability has been resolved:hamradio: improve the incomplete fix to avoid NPDThe previous commit 3e0588c291d6 ( hamradio: defer ax25 kfree afterunregister_netdev ) reorder the kfree operations and unregister_netdevoperation to prevent UAF.This commit improves the previous one by also deferring the nullify ofthe ax->tty pointer. Otherwise, a NULL pointer dereference bug occurs.Partial of the stack trace is shown below.BUG: kernel NULL pointer dereference, address: 0000000000000538RIP: 0010:ax_xmit+0x1f9/0x400...Call Trace: dev_hard_start_xmit+0xec/0x320 sch_direct_xmit+0xea/0x240 __qdisc_run+0x166/0x5c0 __dev_queue_xmit+0x2c7/0xaf0 ax25_std_establish_data_link+0x59/0x60 ax25_connect+0x3a0/0x500 ? security_socket_connect+0x2b/0x40 __sys_connect+0x96/0xc0 ? __hrtimer_init+0xc0/0xc0 ? common_nsleep+0x2e/0x50 ? switch_fpu_return+0x139/0x1a0 __x64_sys_connect+0x11/0x20 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9The crash point is shown as belowstatic void ax_encaps(...) { ... set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags); // ax->tty = NULL! ...}By placing the nullify action after the unregister_netdev, the ax->ttypointer won t be assigned as NULL net_device framework layer is wellsynchronized.