In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible UAF in ip6_xmit()
If skbexpandhead() returns NULL, skb has been freed and the associated dst/idev could also have been freed.
We must use rcureadlock() to prevent a possible UAF.