In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc3-topology: Prevent double freeing of ipccontroldata via load_bytes
We have sanity checks for byte controls and if any of the fail the locally allocated scontrol->ipccontroldata is freed up, but not set to NULL.
On a rollback path of the error the higher level code will also try to free the scontrol->ipccontroldata which will eventually going to lead to memory corruption as double freeing memory is not a good thing.