In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix a use-after-free
looks like we forget to set ttm->sg to NULL. Hit panic below
[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUGPAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sgfreetable+0x17/0x20 [ 1235.995667] amdgputtmbackendunbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgputtmbackenddestroy+0x29/0x130 [amdgpu] [ 1236.008464] ttmttdestroy+0x1e/0x30 [ttm] [ 1236.013066] ttmbocleanupmemtypeuse+0x51/0xa0 [ttm] [ 1236.018783] ttmborelease+0x262/0xa50 [ttm] [ 1236.023547] ttmboput+0x82/0xd0 [ttm] [ 1236.027766] amdgpubounref+0x26/0x50 [amdgpu] [ 1236.032809] amdgpuamdkfdgpuvmallocmemoryofgpu+0x7aa/0xd90 [amdgpu] [ 1236.040400] kfdioctlallocmemoryofgpu+0xe2/0x330 [amdgpu] [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]