CVE-2026-23072

In the Linux kernel, the following vulnerability has been resolved:

l2tp: Fix memleak in l2tpudpencap_recv().

syzbot reported memleak of struct l2tpsession, l2tptunnel, sock, etc. [0]

The cited commit moved down the validation of the protocol version in l2tpudpencap_recv().

The new place requires an extra error handling to avoid the memleak.

Let's call l2tpsessionput() there.

unreferenced object 0xffff88810a290200 (size 512): comm "syz.0.17", pid 6086, jiffies 4294944299 hex dump (first 32 bytes): 7d eb 04 0c 00 00 00 00 01 00 00 00 00 00 00 00 }............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc babb6a4f): kmemleakallocrecursive include/linux/kmemleak.h:44 [inline] slabpostallochook mm/slub.c:4958 [inline] slaballoc_node mm/slub.c:5263 [inline] __dokmallocnode mm/slub.c:5656 [inline] __kmallocnoprof+0x3e0/0x660 mm/slub.c:5669 kmallocnoprof include/linux/slab.h:961 [inline] kzallocnoprof include/linux/slab.h:1094 [inline] l2tpsessioncreate+0x3a/0x3b0 net/l2tp/l2tpcore.c:1778 pppol2tpconnect+0x48b/0x920 net/l2tp/l2tpppp.c:755 __sysconnectfile+0x7a/0xb0 net/socket.c:2089 __sys_connect+0xde/0x110 net/socket.c:2108 __dosysconnect net/socket.c:2114 [inline] __sesysconnect net/socket.c:2111 [inline] __x64sysconnect+0x1c/0x30 net/socket.c:2111 dosyscallx64 arch/x86/entry/syscall64.c:63 [inline] dosyscall64+0xa4/0xf80 arch/x86/entry/syscall64.c:94 entrySYSCALL64afterhwframe+0x77/0x7f