In the Linux kernel, the following vulnerability has been resolved:
fscrypt: destroy keyring after securitysbdelete()
fscryptdestroykeyring() must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landlock LSM don't get evicted until securitysbdelete(), this means that fscryptdestroykeyring() must be called after securitysbdelete().
This fixes a WARN_ON followed by a NULL dereference, only possible if Landlock was being used on encrypted files.