A memory leak flaw was reported in firewalld when IPv6_rpfilter is enabled and a suppress_prefix rule is present in the IPv6 routing rules. In such scenarios, every incoming packet will leak an allocation in ip6_dst_cache slab cache.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.