Pascal Ernster

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free error was found in the Linux kernel due to the vesafb driver freeing the fb info in the .remove handler instead of doing it in .fb destroy. This issue can occur when the .fb destroy callback is executed after the .remove callback, or when .fb destroy is called before the .remove callback, causing the fb info pointer to be accessed after it has been freed. **Recommendations** To resolve this issue, apply the patch that moves the expression containing the info->par to happen before the unregister framebuffer() function call. At the moment, there is no information about a newer version that contains a fix for this vulnerability.