In the Linux kernel, the following vulnerability has been resolved:
drivers/amd/pm: fix a use-after-free in kvparsepower_table
When ps allocated by kzalloc equals to NULL, kvparsepower_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call chains:
kvparsepowertable |-> kvdpminit |-> kvdpmswinit |-> kvdpmfini
The adev->pm.dpm.ps is used in the for loop of kvdpmfini after its first free in kvparsepower_table and causes a use-after-free bug.