Linux Kernel < 4.9.326 - Use-After-Free in cls_route Filter Implementation
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.