A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, l ...