In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Fix suspicious rcudereferenceprotected()
When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ipsetdereference() (nfnetlink mutex is held), but the former was not. The patch adds the required check to rcudereferenceprotected() in ipsetdereference().