CVE-2026-23120

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a data-race condition within the l2tp tunnel del work() function. This issue arises when handling kernel sockets, specifically during the deletion of an L2TP tunnel. The data-race occurs when accessing sk->sk socket concurrently from different tasks, potentially leading to unpredictable behavior or system instability. The syzbot fuzzer reported the data-race in l2tp tunnel del work and sk common release. The functions involved include sk set socket, sock orphan, sk common release, udp lib close, inet release, sock release, sock close, fput, fput, task work run, resume user mode work, exit to user mode loop, syscall exit to user mode prepare, syscall exit to user mode work, syscall exit to user mode, do syscall 64, and entry SYSCALL 64 after hwframe.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.