In the Linux kernel, the following vulnerability has been resolved:
net: nfc: fix races in nfcllcpsockget() and nfcllcpsockget_sn()
Sili Luo reported a race in nfcllcpsock_get(), leading to UAF.
Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock.
nfcllcpsockgetsn() has a similar problem.
Finally nfcllcprecvsnl() needs to make sure the socket found by nfcllcpsockfrom_sn() does not disappear.