drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. This fix of CVE has not been accepted by upstream for many years. From the patch comments this bug is only occurred when user physically removes the PCMCIA device while calling ioctl() for this tty device node so this is a race for rare hardware that is unlikely to be in use in 2025.
