The message can be emitted without the fields being present. In this case ber or rssi are 0
resulting in a null pointer deref.
---
 drivers/qmimodem/netmon.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/qmimodem/netmon.c b/drivers/qmimodem/netmon.c
index 14a55632e8a6..729879ce73d8 100644
--- a/drivers/qmimodem/netmon.c
+++ b/drivers/qmimodem/netmon.c
@@ -89,8 +89,8 @@ static void get_rssi_cb(struct qmi_result *result, void *user_data)
 
 	/* RSSI */
 	rssi = qmi_result_get(result, 0x11, &len);
-	num = GUINT16_FROM_LE(rssi->count);
 	if (rssi) {
+		num = GUINT16_FROM_LE(rssi->count);
 		for (i = 0; i < num; i++) {
 			DBG("RSSI: %hhu on RAT %hhd",
 				rssi->info[i].rssi,
@@ -126,8 +126,8 @@ static void get_rssi_cb(struct qmi_result *result, void *user_data)
 
 	/* Bit error rate */
 	ber = qmi_result_get(result, 0x15, &len);
-	num = GUINT16_FROM_LE(ber->count);
 	if (ber) {
+		num = GUINT16_FROM_LE(ber->count);
 		for (i = 0; i < ber->count; i++) {
 			DBG("Bit error rate: %hu on RAT %hhd",
 				GUINT16_FROM_LE(ber->info[i].rate),
-- 
2.21.0