In the Linux kernel, the following vulnerability has been resolved: char: xillybus: fix a refcount leak in cleanup_dev() usb_get_dev is called in xillyusb_probe. So it is better to call usb_put_dev before xdev is released.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025022635-CVE-2022-49310-d185@gregkh/T