In the Linux kernel, the following vulnerability has been resolved:
jfs: fix uaf in jfsevictinode
When the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs when rcucore() calls jfsfree_node().
Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as ipimap.