In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: add cancelworksync() for c2hcmd_work
The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancelworksync() in rtl8xxxu_stop().