In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - Fix ADFDEVRESET_SYNC memory leak
Using completiondone to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called waitfor_completion, resulting in another potential UAF.
Fix this by making the caller use cancelworksync and then freeing the memory safely.