In the Linux kernel, the following vulnerability has been resolved:
mailbox: mailbox-test: dont free the reused channel
The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs.