From the upstream fix below: The watchdog_timer can schedule tx_timeout_task and watchdog_work can also arm watchdog_timer [..] Although del_timer_sync() and cancel_work_sync() are called in cyttsp4_remove(), the timer and workqueue could still be rearmed. As a result, the possible use after free bugs could happen. Upstream commit: https://github.com/torvalds/linux/commit/dbe836576f12743a7d2d170ad4ad4fd324c4d47a
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2228792]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-4134
This was fixed for Fedora with the 6.4.4 stable kernel updates.