A race condition may occur if the user calls close() on another thread during a write() operation on the device node of the efi capsule. This is a race condition that occurs between the efi_capsule_write() and efi_capsule_flush() functions of efi_capsule_fops, which ultimately results in UAF.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2127425]
This was fixed for Fedora with the 5.19.9 stable kernel updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):