CVE-2025-40316

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/mediatek: Fix device use-after-free on unbind<br /> <br /> A recent change fixed device reference leaks when looking up drm<br /> platform device driver data during bind() but failed to remove a partial<br /> fix which had been added by commit 80805b62ea5b ("drm/mediatek: Fix<br /> kobject put for component sub-drivers").<br /> <br /> This results in a reference imbalance on component bind() failures and<br /> on unbind() which could lead to a user-after-free.<br /> <br /> Make sure to only drop the references after retrieving the driver data<br /> by effectively reverting the previous partial fix.<br /> <br /> Note that holding a reference to a device does not prevent its driver<br /> data from going away so there is no point in keeping the reference.