Key Information Vulnerability Description: - In the function, the destructor of the sk_buff is removed before segmentation, but the socket reference remains unchanged. If the original sk_buff is later orphaned, it may trigger the following error: Problem Scenario: - When using OpenVSwitch, this issue may occur if the OVS_ACTION_ATTR_USERSPACE action is executed before the OVS_ACTION_ATTR_OUTPUT action. Fix: - The issue is resolved by also removing the socket reference in . Related Commit: - Fixes: ad405857b174 ("udp: better wmem accounting on gso") Author and Committer: - Author: Antoine Tenart () - Committer: Greg Kroah-Hartman () Links: - Patch Link