In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10khtcsendbundle In ath10khtcsendbundle, the bundleskb could be freed by devkfreeskbany(bundleskb). But the bundleskb is used later by bundleskb->len. As skblen = bundleskb->len, my patch replaces bundleskb->len to skblen after the bundleskb was freed.