In the Linux kernel, the following vulnerability has been resolved:
nvme: move stopping keep-alive into nvme_uninit_ctrl()
Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but doesn't move stopping keep-alive into nvme_uninit_ctrl(), so keep-alive work can be started and kept pending after failing to start the controller; finally, a use-after-free is triggered if the nvme host driver is unloaded.
This patch fixes a kernel panic when running nvme/004 in case a connection failure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().
This way is reasonable because keep-alive is now started in nvme_init_ctrl_finish().