In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtoolsetcoalesce() ethtoolsetcoalesce() now uses both the .getcoalesce() and .setcoalesce() callbacks. But the check for their availability is buggy, so changing the coalesce settings on a device where the driver provides only one of the callbacks results in a NULL pointer dereference instead of an -EOPNOTSUPP. Fix the condition so that the availability of both callbacks is ensured. This also matches the netlink code. Note that reproducing this requires some effort - it only affects the legacy ioctl path, and needs a specific combination of driver options: - have .getcoalesce() and .coalescesupported but no .setcoalesce(), or - have .setcoalesce() but no .getcoalesce(). Here eg. ethtool doesn't cause the crash as it first attempts to call ethtoolget_coalesce() and bails out on error.