In the Linux kernel, the following vulnerability has been resolved:
tomoyo: fix UAF write bug in tomoyowritecontrol()
Since tomoyowritecontrol() updates head->writebuf when write() of long lines is requested, we need to fetch head->writebuf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.