In the Linux kernel, the following vulnerability has been resolved:
can: dev: can_restart: fix use after free bug
After calling netifrxni(skb), dereferencing skb is unsafe. Especially, the canframe cf which aliases skb memory is accessed after the netifrxni() in: stats->rxbytes += cf->len;
Reordering the lines solves the issue.