In the Linux kernel, the following vulnerability has been resolved:
dmaengine: altera-msgdma: properly free descriptor in msgdmafreedescriptor
Remove listdel call in msgdmachandesccleanup, this should be the role of msgdmafreedescriptor. In consequence replace listaddtail with listmovetail in msgdmafreedescriptor.
This fixes the path: msgdmafreechanresources -> msgdmafreedescriptors -> msgdmafreedesclist -> msgdmafreedescriptor
which does not correctly free the descriptors as first nodes were not removed from the list.