{"id":"CVE-2026-23072","summary":"l2tp: Fix memleak in l2tp_udp_encap_recv().","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: Fix memleak in l2tp_udp_encap_recv().\n\nsyzbot reported memleak of struct l2tp_session, l2tp_tunnel,\nsock, etc. [0]\n\nThe cited commit moved down the validation of the protocol\nversion in l2tp_udp_encap_recv().\n\nThe new place requires an extra error handling to avoid the\nmemleak.\n\nLet's call l2tp_session_put() there.\n\n[0]:\nBUG: memory leak\nunreferenced object 0xffff88810a290200 (size 512):\n  comm \"syz.0.17\", pid 6086, jiffies 4294944299\n  hex dump (first 32 bytes):\n    7d eb 04 0c 00 00 00 00 01 00 00 00 00 00 00 00  }...............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc babb6a4f):\n    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n    slab_post_alloc_hook mm/slub.c:4958 [inline]\n    slab_alloc_node mm/slub.c:5263 [inline]\n    __do_kmalloc_node mm/slub.c:5656 [inline]\n    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669\n    kmalloc_noprof include/linux/slab.h:961 [inline]\n    kzalloc_noprof include/linux/slab.h:1094 [inline]\n    l2tp_session_create+0x3a/0x3b0 net/l2tp/l2tp_core.c:1778\n    pppol2tp_connect+0x48b/0x920 net/l2tp/l2tp_ppp.c:755\n    __sys_connect_file+0x7a/0xb0 net/socket.c:2089\n    __sys_connect+0xde/0x110 net/socket.c:2108\n    __do_sys_connect net/socket.c:2114 [inline]\n    __se_sys_connect net/socket.c:2111 [inline]\n    __x64_sys_connect+0x1c/0x30 net/socket.c:2111\n    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f","modified":"2026-04-02T13:11:56.604410Z","published":"2026-02-04T16:07:52.790Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23072.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4d10edfd1475b69dbd4c47f34b61a3772ece83ca"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5cd158a88eef34e7b100cd9b963873d3b4e41b35"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d4ce79e6dce2a4a49eebceea7b4caf5dc0f0ef3d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23072.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23072"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"364798056f518b0bf2f17cd9eaf0dd4e856d7393"},{"fixed":"5cd158a88eef34e7b100cd9b963873d3b4e41b35"},{"fixed":"d4ce79e6dce2a4a49eebceea7b4caf5dc0f0ef3d"},{"fixed":"4d10edfd1475b69dbd4c47f34b61a3772ece83ca"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23072.json"}}],"schema_version":"1.7.5"}