In the Linux kernel, the following vulnerability has been resolved:
media: dvbdev: adopts refcnt to avoid UAF
dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it.
This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object.