[PATCH -next] firmware: imx: Add missing return in error path to prevent use-after-free.
From: Pankaj Gupta
Date: Thu May 28 2026 - 05:24:06 EST
After freeing dev_ctx and setting *new_dev_ctx to NULL, the function
continues execution and dereferences dev_ctx, leading to a potential
use-after-free. Return immediately to avoid accessing freed memory.
This appears to have been lost during merge of the original fix.
Fixes: 3ae9dcce8400 ("firmware: drivers: imx: adds miscdev")
Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
Signed-off-by: Pankaj Gupta <pankaj.gupta@xxxxxxx>
---
drivers/firmware/imx/se_ctrl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
index 9327d47e4312..4914d3b6bf0b 100644
--- a/drivers/firmware/imx/se_ctrl.c
+++ b/drivers/firmware/imx/se_ctrl.c
@@ -486,6 +486,8 @@ static int init_device_context(struct se_if_priv *priv, int ch_id,
kfree(dev_ctx->devname);
kfree(dev_ctx);
*new_dev_ctx = NULL;
+
+ return ret;
}
list_add_tail(&dev_ctx->link, &priv->dev_ctx_list);
--
2.43.0