In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'ebatbl' in ubicreatevolume()'s error handling path: ubiebareplacetable(vol, ebatbl) vol->ebatbl = tbl outmapping: ubiebadestroytable(ebatbl) // Free 'ebatbl' outunlock: putdevice(&vol->dev) volrelease kfree(tbl->entries) // UAF Fix it by removing redundant 'ebatbl' releasing. Fetch a reproducer in [Link].