In the Linux kernel, the following vulnerability has been resolved:
scsi: sg: Avoid sg device teardown race
sgremovesfpusercontext() must not use sgdevicedestroy() after calling scsidevice_put().
sgdevicedestroy() is accessing the parent scsidevice requestqueue which will already be set to NULL when the preceding call to scsideviceput() removed the last reference to the parent scsi_device.
The resulting NULL pointer exception will then crash the kernel.