In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Fix use-after-free during unregister
In the following code within firmwareuploadunregister(), the call to deviceunregister() could result in the devrelease function freeing the fwuploadpriv structure before it is dereferenced for the call to moduleput(). This bug was found by the kernel test robot using CONFIGKASAN while running the firmware selftests.
deviceunregister(&fwsysfs->dev); moduleput(fwupload_priv->module);
The problem is fixed by copying fwuploadpriv->module to a local variable for use when calling device_unregister().