PT-2026-37400 · Linux · Linux

Published: 2026-05-06 · Updated: 2026-05-06 · CVE-2026-43090

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix refcount leak in xfrm_migrate_policy_find

syzkaller reported a memory leak in xfrm_policy_alloc:

  BUG: memory leak
  unreferenced object 0xffff888114d79000 (size 1024):
    comm "syz.1.17", pid 931
    ...
    xfrm_policy_alloc+0xb3/0x4b0 net/xfrm/xfrm_policy.c:432

The root cause is a double call to xfrm_pol_hold_rcu() in xfrm_migrate_policy_find(). The lookup function already returns a policy with a held reference, making the second call redundant.

Remove the redundant xfrm_pol_hold_rcu() call to fix the refcount imbalance and prevent the memory leak.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
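
The double hold described above, as a user-space C model added here for illustration (it is not kernel code and not taken from the patch). The names `struct policy`, `table_lookup`, `find_buggy` and `find_fixed` are hypothetical, and the model assumes the caller of the find function drops exactly one reference.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical user-space model of a refcounted policy object. */
struct policy { int refcnt; };
static int live_objects;                 /* allocated and not yet freed */

static struct policy *policy_alloc(void) {
    struct policy *p = calloc(1, sizeof(*p));
    if (!p) return NULL;
    p->refcnt = 1;                       /* reference owned by the policy table */
    live_objects++;
    return p;
}
static void policy_hold(struct policy *p) { p->refcnt++; }
static void policy_put(struct policy *p) {
    if (--p->refcnt == 0) { free(p); live_objects--; }
}

/* Lookup contract: the returned policy already carries the caller's reference. */
static struct policy *table_lookup(struct policy *entry) {
    policy_hold(entry);
    return entry;
}
/* Pattern from the advisory: a second hold on top of the lookup's hold. */
static struct policy *find_buggy(struct policy *entry) {
    struct policy *p = table_lookup(entry);
    if (p) policy_hold(p);               /* redundant: nobody drops this one */
    return p;
}
/* Fixed pattern: rely on the reference the lookup already took. */
static struct policy *find_fixed(struct policy *entry) { return table_lookup(entry); }

/* Find, caller puts once (assumption), table deletes the entry.
 * Returns how many objects are still allocated afterwards. */
static int run_lifecycle(bool buggy) {
    live_objects = 0;
    struct policy *entry = policy_alloc();
    if (!entry) return -1;
    struct policy *p = buggy ? find_buggy(entry) : find_fixed(entry);
    policy_put(p);                       /* caller's single put */
    policy_put(entry);                   /* table drops its own reference */
    int leaked = live_objects;
    if (leaked) free(entry);             /* tidy up the model's stranded object */
    return leaked;
}
int main(void) {
    printf("buggy: %d leaked, fixed: %d leaked\n", run_lifecycle(true), run_lifecycle(false));
    return 0;
}
```

In the buggy path the count never returns to zero after the last legitimate put, so the object is never freed, which is the kind of unreferenced allocation the syzkaller report flags.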

Related Identifiers

CVE-2026-43090

Affected Products

Linux