In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
The csdsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a missing call to csdspremove() in the error path of cs35l56hdacommonprobe().
The call to csdspremove() was being done in the component unbind callback cs35l56hdaunbind(). This meant that if the driver was unbound and then re-bound it would be using an uninitialized cs_dsp instance.
It is best to initialize the csdsp instance in probe() so that it can return an error if it fails. The component binding API doesn't have any error handling so there's no way to handle a failure if csdsp was initialized in the bind.