CVE-2026-23072
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel L2TP UDP Encapsulation Module

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tp_udp_encap_recv(). syzbot reported memleak of struct l2tp_session, l2tp_tunnel, sock, etc. [0] The cited commit moved down the validation of the protocol version in l2tp_udp_encap_recv(). The new place requires an extra error handling to avoid the memleak. Let's call l2tp_session_put() there. [0]: BUG: memory leak unreferenced object 0xffff88810a290200 (size 512): comm "syz.0.17", pid 6086, jiffies 4294944299 hex dump (first 32 bytes): 7d eb 04 0c 00 00 00 00 01 00 00 00 00 00 00 00 }............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc babb6a4f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] l2tp_session_create+0x3a/0x3b0 net/l2tp/l2tp_core.c:1778 pppol2tp_connect+0x48b/0x920 net/l2tp/l2tp_ppp.c:755 __sys_connect_file+0x7a/0xb0 net/socket.c:2089 __sys_connect+0xde/0x110 net/socket.c:2108 __do_sys_connect net/socket.c:2114 [inline] __se_sys_connect net/socket.c:2111 [inline] __x64_sys_connect+0x1c/0x30 net/socket.c:2111 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23072
EUVD
EUVD-2026-5472
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 6.10 (inc) to 6.12.68 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's L2TP (Layer 2 Tunneling Protocol) implementation, specifically in the function l2tp_udp_encap_recv().

The issue occurs because the validation of the protocol version was moved down in the code, which requires additional error handling to prevent memory from being leaked.

Without this error handling, objects such as l2tp_session, l2tp_tunnel, and socket structures are not properly released, causing memory to be consumed unnecessarily.

Impact Analysis

The memory leak can lead to increased memory consumption on affected systems running the vulnerable Linux kernel.

Over time, this can degrade system performance, potentially causing resource exhaustion and instability.

In environments where L2TP is used for VPN or tunneling, this could impact the reliability and availability of network services.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves a memory leak in the Linux kernel's l2tp_udp_encap_recv() function related to L2TP sessions and tunnels.

Detection would typically involve monitoring for memory leaks related to l2tp_session, l2tp_tunnel, and socket objects in the kernel.

One approach is to use the kernel's kmemleak feature to detect unreferenced objects that indicate memory leaks.

  • Enable kmemleak by adding 'kmemleak=on' to the kernel boot parameters.
  • Check for memory leaks by reading from /sys/kernel/debug/kmemleak:
  • cat /sys/kernel/debug/kmemleak
  • Use dmesg or journalctl to look for kernel messages indicating memory leaks related to l2tp_session or l2tp_tunnel.
Mitigation Strategies

The vulnerability has been fixed by moving the validation of the protocol version in l2tp_udp_encap_recv() and adding extra error handling to avoid the memory leak.

Immediate mitigation steps include updating the Linux kernel to a version that contains the fix for this issue.

If updating the kernel is not immediately possible, consider disabling L2TP functionality if it is not required, to reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart