In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix use-after-free in chanctx code
In ieee80211vifusereservedcontext(), when we have an old context and the new context's replacestate is set to IEEE80211CHANCTXREPLACENONE, we free the old context in ieee80211vifusereservedreassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point.
However, since the newctx replace state is clearly not IEEE80211CHANCTXREPLACESOTHER, we're not going to do anything else in this function and can just return to avoid accessing the freed old_ctx.