In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. CREATE(Triage):(User=admin) [CVE-2019-19965|https://nvd.nist.gov/vuln/detail/CVE-2019-19965]