In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix refcount leak in xfrmmigratepolicy_find
syzkaller reported a memory leak in xfrmpolicyalloc:
BUG: memory leak unreferenced object 0xffff888114d79000 (size 1024): comm "syz.1.17", pid 931 ... xfrmpolicyalloc+0xb3/0x4b0 net/xfrm/xfrm_policy.c:432
The root cause is a double call to xfrmpolholdrcu() in xfrmmigratepolicyfind(). The lookup function already returns a policy with held reference, making the second call redundant.
Remove the redundant xfrmpolhold_rcu() call to fix the refcount imbalance and prevent the memory leak.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43090.json",
"cna_assigner": "Linux"
}