In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: fix potential use-after-free in ecbhfremove
static void ecbhfremove(struct pcidev *dev) { ... struct ecbhfpriv *priv = netdevpriv(net_dev);
unregister_netdev(net_dev);
free_netdev(net_dev);
pci_iounmap(dev, priv->dma_io);
pci_iounmap(dev, priv->io);
... }
priv is netdev private data, but it is used after freenetdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving freenetdev() after pci_iounmap() calls.