[Bug 1210329] use after free bug in da9150_charger_remove due to race condition
http://bugzilla.suse.com/show_bug.cgi?id=1210329
http://bugzilla.suse.com/show_bug.cgi?id=1210329#c9

--- Comment #9 from Zheng Wang <hackerzheng666@gmail.com> ---
(In reply to Marcus Meissner from comment #8)
> This happens only on module removal?
> I currently find it hard to see an attacker controlled exploitation vector for this issue.

No, this is a similar problem to CVE-2023-1855, CVE-2023-1670 and some other issues I have reported. It assumes the attacker can access the device physically. When the driver-related device is unplugged, the remove function will be triggered. So this is an attack with a special requirement. Here is the original report that I learned from [1].

[1] https://github.com/V4bel/CVE-2022-41218