In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532cmdtimeout When the pn532 uart device is detaching, the pn532uartremove() is called. But there are no functions in pn532uartremove() that could delete the cmdtimeout timer, which will cause use-after-free bugs. The process is shown below: (thread 1) | (thread 2) | pn532uartsendframe pn532uartremove | modtimer(&pn532->cmdtimeout,...) ... | (wait a time) kfree(pn532) //FREE | pn532cmdtimeout | pn532uartsendframe | pn532->... //USE This patch adds deltimersync() in pn532uartremove() in order to prevent the use-after-free bugs. What's more, the pn53xunregisternfc() is well synchronized, it sets nfcdev->shuttingdown to true and there are no syscalls could restart the cmdtimeout timer.