In the Linux kernel, the following vulnerability has been resolved:

net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()

page_pool_create() can return an ERR_PTR on failure. The return value
is used unconditionally in the loop that follows, passing the error
pointer through xdp_rxq_info_reg_mem_model() into page_pool_use_xdp_mem(),
which dereferences it, causing a kernel oops.

Add an IS_ERR check after page_pool_create() to return early on failure.