Pei Xiao

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue has been identified in the Linux kernel, specifically in the dw i3c master driver, due to a race condition. The vulnerability occurs when the `dw i3c common probe` function binds `&master->hj work` with `dw i3c hj work`, and `dw i3c master irq handler` calls `dw i3c master irq handle ibis` to start the work. If the module is removed, `dw i3c common remove` is called, which frees `master->base` through `i3c master unregister`, while the work is still being used. This sequence of operations can lead to a use-after-free bug. **Recommendations** To resolve this issue, ensure that the work is canceled before proceeding with the cleanup in `dw i3c common remove`. As a temporary workaround, consider disabling the `dw i3c hj work` function until a patch is available. Restrict access to the vulnerable `dw i3c master` driver to minimize the risk of exploitation. Avoid using the `master->base` variable in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.