In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: release elements in clone only from destroy path
Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice.
This fix requires:
212ed75dc5fb (netfilter: nf_tables: integrate pipapo into commit protocol)
which came after:
9827a0e6e23b (netfilter: nft_set_pipapo: release elements in clone from abort path).