In the Linux kernel, the following vulnerability has been resolved:
iio: core: fix ioctl handlers removal
Currently ioctl handlers are removed twice. For the first time during iio_device_unregister() then later on inside iio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask(). Double free leads to kernel panic.
Fix this by not touching ioctl handlers list directly but rather letting code responsible for registration call the matching cleanup routine itself.