What the vulnerability does

01Description

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Key dates

02Disclosure timeline

November 28, 2022 CVE published
April 14, 2025 Record updated