From: Alexander Aring <aahringo@xxxxxxxxxx> commit 27c746869e1a135dffc2f2a80715bb7aa00445b4 upstream. This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVKEY is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+368672e0da240db53b5f@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Alexander Aring <aahringo@xxxxxxxxxx> Link: https://lore.kernel.org/r/20210221174321.14210-4-aahringo@xxxxxxxxxx Signed-off-by: Stefan Schmidt <stefan@xxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1908,7 +1908,8 @@ static int nl802154_del_llsec_devkey(str struct ieee802154_llsec_device_key key; __le64 extended_addr; - if (nla_parse_nested(attrs, NL802154_DEVKEY_ATTR_MAX, + if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] || + nla_parse_nested(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy)) return -EINVAL;