Description: Null pointer dereference and use-after-free in net/ax25/ax25_timer.c
References:
 https://www.openwall.com/lists/oss-security/2022/04/02/4
 https://bugzilla.redhat.com/show_bug.cgi?id=2071047
Notes:
 carnil> For 5.17.y fixed as well in 5.17.2 for the first commit,
 carnil> fc6d01ff9ef0 ("ax25: Fix NULL pointer dereferences in ax25
 carnil> timers").
 bwh> I'm not sure how old this is but it seems to be present back to 4.9.
 carnil> For 5.17.y the second commit was only included in 5.17.4.
Bugs:
upstream: released (5.18-rc1) [fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009, 82e31755e55fbcea6a9dfaae5fe4860ade17cbc0]
5.10-upstream-stable: released (5.10.112) [f934fa478dd17411bc6884153dc824ff9e7505d8, 5c62d3bf14100a88d30888b925fcb61a8c11c012]
4.19-upstream-stable: released (4.19.240) [512f09df261b51b088f17d86dbdf300a3492523d, 3082f32c45465b692c314131c2a3657e0c23e09d]
4.9-upstream-stable: needed
sid: released (5.17.6-1)
5.10-bullseye-security: released (5.10.113-1)
4.19-buster-security: released (4.19.249-1)
4.9-stretch-security: ignored "EOL"