In the Linux kernel, the following vulnerability has been resolved:
misc: miscminoralloc to use ida for all dynamic/misc dynamic minors
miscminoralloc was allocating id using ida for minor only in case of MISCDYNAMICMINOR but miscminorfree was always freeing ids using ida_free causing a mismatch and following warn:
WARNING: CPU: 0 PID: 159 at lib/idr.c:525 idafree+0x3e0/0x41f idafree called for id=127 which is not allocated. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ... [<60941eb4>] idafree+0x3e0/0x41f [<605ac993>] miscminorfree+0x3e/0xbc [<605acb82>] miscderegister+0x171/0x1b3
miscminoralloc is changed to allocate id from ida for all minors falling in the range of dynamic/ misc dynamic minors