Msizanoen

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The Linux kernel has a memory leak issue when a `fib` rule is present in IPv6 nftables firewall rules and a suppress prefix rule is present in the IPv6 routing rules. This leads to a memory leak in the `ip6 dst cache` slab cache with every incoming IPv6 packet. The problem arises from the generic `args->flags` always having `FIB LOOKUP NOREF` set, but the IPv6-specific flag `RT6 LOOKUP F DST NOREF` might not be, resulting in `fib6 rule suppress` not decreasing the refcount when needed. To reproduce the issue, add a specific nftables rule to a prerouting chain and run a command to add a suppress prefix rule to the IPv6 routing rules. Then, monitor the memory usage of the `ip6 dst cache` slab cache to see it increase with every incoming IPv6 packet. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.