In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Fix a memory leak with reused mmap_offset
drmvmanodeallow() and drmvmanoderevoke() should be called in balanced pairs. We call drmvmanodeallow() once per-file everytime a user calls mmapoffset, but only call drmvmanoderevoke once per-file on each mmapoffset. As the mmapoffset is reused by the client, the per-file vmcount may remain non-zero and the rbtree leaked.
Call drmvmanodeallowonce() instead to prevent that memory leak.