In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: fix missing expect put in obj eval

nft_ct_expect_obj_eval() allocates an expectation and may call
nf_ct_expect_related(), but never drops its local reference.

Add nf_ct_expect_put(exp) before return to balance allocation.