In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-uart-backlight: fix serdev race
The delluartblserdevprobe() function calls devmserdevdeviceopen() before setting the client ops via serdevdevicesetclientops(). This ordering can trigger a NULL pointer dereference in the serdev controller's receivebuf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set.
This is similar to the issue fixed in commit 5e700b384ec1 ("platform/chrome: crosecuart: properly fix race condition") where devmserdevdevice_open() was called before fully initializing the device.
Fix the race by ensuring client ops are set before enabling the port via devmserdevdevice_open().
Note, serdevdevicesetbaudrate() and serdevdevicesetflowcontrol() calls should be after the devmserdevdeviceopen() call.