(In reply to Marcus Meissner from comment #8)
> This happens only on module removal?
>
> I currently find it hard to see an attacker controlled exploitation vector
> for this issue.

No, this is a problem similar to CVE-2023-1855, CVE-2023-1670 and some other issues I have reported. It assumes the attacker can access the device physically. When the driver-related device is unplugged, the remove function will be triggered. So this is an attack with a special requirement. Here is the original report that I learned from [1].

[1] https://github.com/V4bel/CVE-2022-41218