Rijo Thomas

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the amdtee component of the Linux kernel. This vulnerability can be caused by a potential race condition in the `amdtee close session` function, which may lead to use-after-free in the `amdtee open session` function. For instance, if a session has a reference count of 1 and one thread tries to free this session via `kref put(&sess->refcount, destroy session)`, the reference count will get decremented, and the next step would be to call `destroy session()`. However, if in another thread, `amdtee open session()` is called before `destroy session()` has completed execution, `alloc session()` may return a session that will be freed up later in `destroy session()`, leading to use-after-free in `amdtee open session`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.