In the Linux kernel, the following vulnerability has been resolved:
lib/generic-radix-tree.c: Fix rare race in _genradixptr_alloc()
If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later.
If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed - fix this by zeroing it in the cmpxchg failure path.