Lance Richardson

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.50 **Description** The issue is related to a race condition in the `dmam free coherent()` function, which can lead to data corruption and crashes. This occurs when a concurrent task makes an allocation with the same `vaddr` and adds it to the devres list between the time `dmam free coherent()` frees a DMA allocation and calls `devres destroy()` to remove and free the data structure used to track the DMA allocation. As a result, there can be two entries in the devres list with the same `vaddr`, and `devres destroy()` can free the wrong entry, triggering the `WARN ON()` in `dmam match`. The fix involves destroying the devres entry before freeing the DMA allocation. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider restricting concurrent tasks during kernel operations to minimize the risk of exploitation.