CVE-2026-23072

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> l2tp: Fix memleak in l2tp_udp_encap_recv().<br /> <br /> syzbot reported memleak of struct l2tp_session, l2tp_tunnel,<br /> sock, etc. [0]<br /> <br /> The cited commit moved down the validation of the protocol<br /> version in l2tp_udp_encap_recv().<br /> <br /> The new place requires an extra error handling to avoid the<br /> memleak.<br /> <br /> Let&amp;#39;s call l2tp_session_put() there.<br /> <br /> [0]:<br /> BUG: memory leak<br /> unreferenced object 0xffff88810a290200 (size 512):<br /> comm "syz.0.17", pid 6086, jiffies 4294944299<br /> hex dump (first 32 bytes):<br /> 7d eb 04 0c 00 00 00 00 01 00 00 00 00 00 00 00 }...............<br /> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> backtrace (crc babb6a4f):<br /> kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]<br /> slab_post_alloc_hook mm/slub.c:4958 [inline]<br /> slab_alloc_node mm/slub.c:5263 [inline]<br /> __do_kmalloc_node mm/slub.c:5656 [inline]<br /> __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669<br /> kmalloc_noprof include/linux/slab.h:961 [inline]<br /> kzalloc_noprof include/linux/slab.h:1094 [inline]<br /> l2tp_session_create+0x3a/0x3b0 net/l2tp/l2tp_core.c:1778<br /> pppol2tp_connect+0x48b/0x920 net/l2tp/l2tp_ppp.c:755<br /> __sys_connect_file+0x7a/0xb0 net/socket.c:2089<br /> __sys_connect+0xde/0x110 net/socket.c:2108<br /> __do_sys_connect net/socket.c:2114 [inline]<br /> __se_sys_connect net/socket.c:2111 [inline]<br /> __x64_sys_connect+0x1c/0x30 net/socket.c:2111<br /> do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]<br /> do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f