In the Linux kernel, the following vulnerability has been resolved:
spi: fix use-after-free of the add_lock mutex
Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed:
spiunregistercontroller(ctlr) -> putdevice(&ctlr->dev) -> spicontrollerrelease(dev) -> mutexunlock(&ctrl->add_lock)
Move the putdevice() after the mutexunlock().