In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling ->foliofree() The contents of a device folio can immediately change after calling ->foliofree(), as the folio may be reallocated by a driver with a different order. Instead of touching the folio again to extract the pgmap, use the local stack variable when calling percpurefputmany().