
Zhang Min

Researcher from ZTE
#44956 of 53,632
5.5 Total CVSS
Vulnerabilities · 1
PT-2022-7473
5.5
2022-03-06
Linux · Linux Kernel · CVE-2022-48861
**Name of the Vulnerable Software and Affected Versions**

Linux kernel (affected versions not specified)

**Description**

The issue is a use-after-free vulnerability in the Linux kernel's vdpa component. When the `vp_vdpa` driver is unbound, `vp_vdpa` is freed in `vdpa_unregister_device`, and then `vp_vdpa->mdev.pci_dev` is dereferenced in `vp_modern_remove`, triggering a use-after-free. This can lead to a denial of service.

The vulnerability is triggered by the `vp_vdpa_remove` function and the `vp_modern_remove` function, which dereferences `vp_vdpa->mdev.pci_dev`.

The call trace of unbinding the driver and freeing `vp_vdpa` involves the `do_syscall_64`, `vfs_write`, `kernfs_fop_write_iter`, `device_release_driver_internal`, `pci_device_remove`, `vdpa_unregister_device`, `kobject_release`, `device_release`, and `kfree` functions.

The call trace of dereferencing `vp_vdpa->mdev.pci_dev` involves the `pci_release_selected_regions` and `pci_release_region` functions, the `pci_resource_len` and `pci_resource_end` macros, and the `(dev)->resource[(bar)].end` expression they expand to.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.