In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. CREATE(Triage):(User=admin) CVE-2024-57904 (https://nvd.nist.gov/vuln/detail/CVE-2024-57904)
