Description: Use after free triggered by block frontend in Linux blkback References: https://xenbits.xen.org/xsa/advisory-350.html https://lore.kernel.org/lkml/20201215122606.6874-1-jgross@suse.com/ Notes: carnil> Introduced due a24fa22ce22a ("xen/blkback: don't use carnil> xen_blkif_get() in xen-blkback kthread") in 4.12-rc1 and carnil> backported to 4.9.36. Bugs: upstream: released (5.11-rc1) [1c728719a4da6e654afb9cc047164755072ed7c9] 5.10-upstream-stable: released (5.10.4) [aadd67750f43132177138fcd56ebc60aeb06228a] 4.19-upstream-stable: released (4.19.164) [014ee1c7d184acb8986152014a570ba7c69d3616] 4.9-upstream-stable: released (4.9.249) [d67091e9d6ee81543344613927ea3516980ffc3f] sid: released (5.9.15-1) [bugfix/all/xen-blkback-set-ring-xenblkd-to-NULL-after-kthread_s.patch] 4.19-buster-security: released (4.19.171-1) 4.9-stretch-security: released (4.9.258-1)