CVE-2026-43091

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Wait for RCU readers during policy netns exit

xfrm policy fini() frees the policy bydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their read-side critical sections first.

The policy bydst tables are published via rcu assign pointer() and are looked up through rcu dereference check(), so netns teardown must also wait for an RCU grace period before freeing the table memory.

Fix this by adding synchronize rcu() before freeing the policy hash tables.