In the Linux kernel, the following vulnerability has been resolved:

net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint

The smc_msg_event tracepoint class, shared by smc_tx_sendmsg and
smc_rx_recvmsg, unconditionally dereferences smc->conn.lnk:

	__string(name, smc->conn.lnk->ibname)

conn->lnk is only set for SMC-R; for SMC-D it is NULL. Other code on
these paths already handles this (e.g. !conn->lnk in
SMC_STAT_RMB_TX_SIZE_SMALL()). With the tracepoint enabled, the first
sendmsg()/recvmsg() on an SMC-D socket crashes:

  Oops: general protection fault, probably for non-canonical address
  KASAN: null-ptr-deref in range [...]
  RIP: 0010:strlen+0x1e/0xa0
  Call Trace:
   trace_event_raw_event_smc_msg_event (net/smc/smc_tracepoint.h:44)
   smc_rx_recvmsg (net/smc/smc_rx.c:515)
   smc_recvmsg (net/smc/af_smc.c:2859)
   __sys_recvfrom (net/socket.c:2315)
   __x64_sys_recvfrom (net/socket.c:2326)
   do_syscall_64

The faulting address 0x3e0 is offsetof(struct smc_link, ibname),
confirming the NULL ->lnk deref. Enabling the tracepoint requires
root, but the trigger itself is unprivileged: socket(AF_SMC, ...) has
no capability check, and SMC-D negotiation needs no admin step on
s390 or on x86 with the loopback ISM device loaded.

Log an empty device name for SMC-D instead of dereferencing NULL.

https://git.kernel.org/stable/c/561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f

https://git.kernel.org/stable/c/68200112534bb2acd1d7117dc2d5c124868d866d

https://git.kernel.org/stable/c/720c76b930c52cd58f50eb6b10569d03dccc7959

https://git.kernel.org/stable/c/7bf563badd37cb796df5477d2b78bb64148a1268

https://git.kernel.org/stable/c/b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef

https://git.kernel.org/stable/c/d2ea0b8aef8746e147602eac87ca8538f4bc7e66

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/smc/smc_tracepoint.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"68200112534bb2acd1d7117dc2d5c124868d866d","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"720c76b930c52cd58f50eb6b10569d03dccc7959","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"d2ea0b8aef8746e147602eac87ca8538f4bc7e66","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"7bf563badd37cb796df5477d2b78bb64148a1268","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/smc/smc_tracepoint.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]