In the Linux kernel, the following vulnerability has been resolved:
cachefiles: add missing lock protection when polling
Add missing lock protection in poll routine when iterating xarray, otherwise:
Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefilesreq) stored in the slot has no such guarantee. The poll routine will iterate the radix tree and dereference cachefilesreq accordingly. Thus RCU read lock is not adequate in this case and spinlock is needed here.