CVE-2026-23072

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak in the l2tp udp encap recv() function. The issue was identified by syzbot, which reported a memory leak of structures like l2tp session, l2tp tunnel, and sock. The root cause was identified as a missing error handling mechanism after a change in the protocol version validation within the function. Specifically, the fix involves calling l2tp session put() to properly manage memory allocation and prevent the leak.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.