In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix user_struct uaf
io_free_rbuf_ring() usees a struct user_struct, which io_zcrx_ifq_free() puts it down before destroying the ring.