In the Linux kernel, the following vulnerability has been resolved:

net_sched: fix skb memory leak in deferred qdisc drops

When the network stack cleans up the deferred list via qdisc_run_end(),
it operates on the root qdisc. If the root qdisc do not implement the
TCQ_F_DEQUEUE_DROPS flag the packets queue to free are never freed and
gets stranded on the child's local to_free list.

Fix this by making qdisc_dequeue_drop() aware of the root qdisc. It
fetches the root qdisc and check for the TCQ_F_DEQUEUE_DROPS flag. If
the flag is present, the packet is appended directly to the root's
to_free list. Otherwise, drop it directly as it was done before the
optimization was implemented.

https://git.kernel.org/stable/c/a6bd339dbb3514bce690fdcf252e788dfab4ee76

https://git.kernel.org/stable/c/bf26ad92ffda7884825d67b46bd5efe615c3babf

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/sch_generic.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a6efc273ab8245722eee2150fa12cf75781dc410","lessThan":"bf26ad92ffda7884825d67b46bd5efe615c3babf","versionType":"git","status":"affected"},{"version":"a6efc273ab8245722eee2150fa12cf75781dc410","lessThan":"a6bd339dbb3514bce690fdcf252e788dfab4ee76","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/sch_generic.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]