In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix potential "struct net" leak in inet6rtmgetaddr()
It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr() returns -EINVAL with an elevated "struct net" refcount.