In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix a race condition of vram buffer unref in svm code
prange->svmbo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync svmbo unref operation to avoid random "use-after-free".