UDP Length Overflow in Linux Kernel Affecting L2TP Protocol
CVE-2026-43080
What is CVE-2026-43080?
A vulnerability in the Linux kernel affects the L2TP protocol: oversized PPPoL2TP packets can overflow the 16-bit UDP length field. The overflow can cause packets to be processed incorrectly and allows oversized packets to bypass standard length checks. Exploitation could lead to network disruptions or unintended behavior in connected systems. A recent patch has been proposed that tightens packet validation by intercepting and dropping these oversized packets before they are transmitted, mitigating the associated risks.
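The 16-bit wrap and the drop-before-transmit check described above, shown as an added user-space illustration; it is not the kernel's code or the proposed patch, and the function names and sample sizes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8u        /* fixed UDP header size */
#define UDP_LEN_MAX 0xFFFFu   /* largest value the 16-bit length field can hold */

/* Unchecked (hypothetical helper): the total is narrowed to 16 bits and wraps. */
static uint16_t udp_len_truncated(size_t encap_len, size_t payload_len)
{
    return (uint16_t)(UDP_HDR_LEN + encap_len + payload_len);
}

/*
 * Checked (hypothetical helper): write the length field (bytes 4-5 of the
 * UDP header, big-endian) only if the total fits in 16 bits. Returns 0 on
 * success, -1 if the packet must be dropped. The comparisons are ordered so
 * the size_t arithmetic itself cannot wrap.
 */
static int udp_set_len_checked(uint8_t udp_hdr[8], size_t encap_len,
                               size_t payload_len)
{
    size_t room = UDP_LEN_MAX - UDP_HDR_LEN;   /* bytes left after the header */

    if (encap_len > room || payload_len > room - encap_len)
        return -1;

    size_t total = UDP_HDR_LEN + encap_len + payload_len;
    udp_hdr[4] = (uint8_t)(total >> 8);
    udp_hdr[5] = (uint8_t)(total & 0xFF);
    return 0;
}

int main(void)
{
    uint8_t hdr[8] = {0};
    size_t encap = 8, big = 65530;   /* constructed sample sizes */

    printf("unchecked length field: %u\n",
           (unsigned)udp_len_truncated(encap, big));
    printf("checked result: %d\n", udp_set_len_checked(hdr, encap, big));
    return 0;
}
```

With the constructed sizes, the unchecked path writes a length that no longer matches the bytes that follow the header, which is why the check has to run before the header is built.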
Affected Version(s)
Linux 3557baabf28088f49bdf72a048fd33ab62e205b1 < 9ccce02d501335f59a02f26c878c5e095b16302f
Linux 3557baabf28088f49bdf72a048fd33ab62e205b1 < 77c1489398c85a844f90205f5e76fd6bc8bb4089
Linux 3557baabf28088f49bdf72a048fd33ab62e205b1 < 86534c97abd6365a9a021fd767a2023e63c44469