In the Linux kernel, the following vulnerability has been resolved:
sfc: fix null pointer dereference in efxhardstart_xmit
Trying to get the channel from the txqueue variable here is wrong because we can only be here if txqueue is NULL, so we shouldn't dereference it. As the above comment in the code says, this is very unlikely to happen, but it's wrong anyway so let's fix it.
I hit this issue because of a different bug that caused txqueue to be NULL. If that happens, this is the error message that we get here: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [...] RIP: 0010:efxhardstartxmit+0x153/0x170 [sfc]