In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last exportudmabuf() error path In exportudmabuf(), if dmabuffd() fails because the FD table is full, a dmabuf owning the udmabuf has already been created; but the error handling in udmabufcreate() will tear down the udmabuf without doing anything about the containing dmabuf. This leaves a dmabuf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory leak. Fix it by moving the dmabuffd() call out of export_udmabuf() so that we can give it different error handling. Note that the shape of this code changed a lot in commit 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios"); but the memory leak seems to have existed since the introduction of udmabuf.