In the Linux kernel, the following vulnerability has been resolved:
mcb: fix error handling in mcballocbus()
There are two bugs: 1) If idasimpleget() fails then this code calls putdevice(carrier) but we haven't yet called getdevice(carrier) and probably that leads to a use after free. 2) After deviceinitialize() then we need to use putdevice() to release the bus. This will free the internal resources tied to the device and call mcbfreebus() which will free the rest.