In the Linux kernel, the following vulnerability has been resolved:
scsi: aacraid: Fix double-free on probe failure
aacprobeone() calls hardware-specific init functions through the aacdriverident::init pointer, all of which eventually call down to aacinitadapter().
If aacinitadapter() fails after allocating memory for aac_dev::queues, it frees the memory but does not clear that member.
After the hardware-specific init function returns an error, aacprobeone() goes down an error path that frees the memory pointed to by aac_dev::queues, resulting.in a double-free.