In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with
spmi_controller.
On device remove, spmi_controller will be freed first, and then devres
, including the clocks, will be cleanup.
This leads to UAF because putting the clocks will access the clocks in
the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and
building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the
clocks before freeing spmi_controller.

Linux https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8 [No types assigned]

Linux https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e [No types assigned]

Linux https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9 [No types assigned]

Linux https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e [No types assigned]