CVE-2026-23072 l2tp: Fix memleak in l2tp_udp_encap_recv().

🗓️ 04 Feb 2026 16:07:52Reported by LinuxType

CVE-2026-23072 fixes a memory leak in l2tp_udp_encap_recv by calling l2tp_session_put() after validation.

Reporter	Title	Published	Views	Family All 32
ATTACKERKB	CVE-2026-23072	4 Feb 202616:07	–	attackerkb
AstraLinux	Astra Linux - уязвимость в linux-5.10	20 May 202605:53	–	astralinux
CNNVD	Linux kernel 安全漏洞	4 Feb 202600:00	–	cnnvd
CVE	CVE-2026-23072	4 Feb 202616:07	–	cve
Debian	[SECURITY] [DSA 6126-1] linux security update	9 Feb 202618:21	–	debian
Debian CVE	CVE-2026-23072	4 Feb 202616:07	–	debiancve
Tenable Nessus	Debian dsa-6126 : ata-modules-6.12.31-armmp-di - security update	9 Feb 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20572-1)	22 Apr 202600:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50160)	24 Mar 202600:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50232)	16 Apr 202600:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/l2tp/l2tp_core.c"
    ],
    "versions": [
      {
        "version": "364798056f518b0bf2f17cd9eaf0dd4e856d7393",
        "lessThan": "5cd158a88eef34e7b100cd9b963873d3b4e41b35",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "364798056f518b0bf2f17cd9eaf0dd4e856d7393",
        "lessThan": "d4ce79e6dce2a4a49eebceea7b4caf5dc0f0ef3d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "364798056f518b0bf2f17cd9eaf0dd4e856d7393",
        "lessThan": "4d10edfd1475b69dbd4c47f34b61a3772ece83ca",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/l2tp/l2tp_core.c"
    ],
    "versions": [
      {
        "version": "6.10",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.10",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.68",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18.8",
        "lessThanOrEqual": "6.18.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.19",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/5cd158a88eef34e7b100cd9b963873d3b4e41b35
git	www.git.kernel.org/stable/c/4d10edfd1475b69dbd4c47f34b61a3772ece83ca
git	www.git.kernel.org/stable/c/d4ce79e6dce2a4a49eebceea7b4caf5dc0f0ef3d

11 May 2026 21:59Current

EPSS0.00022