PT-2025-13366 · Linux+4 · Linux Kernel+4

Published

2023-05-09

Updated

2026-01-28

CVE-2023-53020

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, specifically in the l2tp tunnel register() function. The issue involved several race conditions, including modifying the tunnel socket after publishing it, calling setup udp tunnel sock() on an existing socket without locking, and changing the sock lock class, which triggered many syzbot reports. The patch addresses these issues by moving socket initialization code before publishing and under the sock lock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Race Condition

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-667

Related Identifiers

ALSA-2025_16880

BDU:2025-06350

CVE-2023-53020

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2025:02334-1

SUSE-SU-2025:02846-1

SUSE-SU-2025:03204-1

SUSE-SU-2025_02334-1

SUSE-SU-2025_02846-1

SUSE-SU-2025_03204-1

SUSE-SU-2026:0316-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Red Os

Suse

PT-2025-13366 · Linux+4 · Linux Kernel+4

CVE-2023-53020

Weakness Enumeration

Related Identifiers

Affected Products

References · 894