In the Linux kernel, the following vulnerability has been resolved:
ublk: fix race between iouringcmdcompleteintask and ublkcancel_cmd
ublkcancelcmd() calls iouringcmddone() to complete uringcmd, but we may have scheduled task work via iouringcmdcompletein_task() for dispatching request, then kernel crash can be triggered.
Fix it by not trying to canceling the command if ublk block request is started.