In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: possible module reference underflow in error path
dst->ops is set on when nftexprclone() fails, but module refcount has not been bumped yet, therefore nftexprdestroy() leads to module reference underflow.