Use-After-Free Vulnerability in Linux Kernel L2TP Protocol
CVE-2026-53262

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 25 June 2026

What is CVE-2026-53262?

A vulnerability in the L2TP implementation of the Linux kernel can lead to a use-after-free condition. The issue arises because the function pppol2tp_ioctl() reads user data without appropriate locking or reference counting. If a controlled sleep occurs during the operation, a concurrent socket close can trigger asynchronous cleanup, so the ioctl thread uses a stale pointer once it resumes. The fix uses an RCU-safe, refcounted helper to take the session reference, so that the reference stays valid across potential sleeps. Existing behavior was preserved for specific L2TP commands, so ioctls on unconnected sockets are handled as before.
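The fix pattern described above, modelled in userspace C as an added example (it is not the kernel patch and not code from this page): the ioctl path takes its own reference before the point where it may sleep, so a close that lands in that window cannot free the object underneath it. All type and function names are hypothetical, and the race is replayed sequentially through a callback at the sleep point.

```c
/* Added userspace model; every name here is hypothetical, not a kernel symbol. */
#include <stdatomic.h>
#include <stdlib.h>

struct session { atomic_int refcnt; int mtu; };
struct sock_model { _Atomic(struct session *) sess; }; /* socket's session pointer */
static int freed_count; /* number of sessions freed, to observe lifetime */

static void session_put(struct session *s)
{
    if (atomic_fetch_sub(&s->refcnt, 1) == 1) { /* last reference dropped */
        freed_count++;
        free(s);
    }
}

/* Refcounted lookup: succeeds only while the count is non-zero. In the kernel
 * RCU keeps the memory valid during the lookup; this model has no RCU. */
static struct session *sock_get_session(struct sock_model *sk)
{
    struct session *s = atomic_load(&sk->sess);
    int old = s ? atomic_load(&s->refcnt) : 0;
    while (old != 0)
        if (atomic_compare_exchange_weak(&s->refcnt, &old, old + 1))
            return s;
    return NULL;
}

/* Socket close: unpublish the pointer, then drop the socket's reference. */
static void sock_close(struct sock_model *sk)
{
    struct session *s = atomic_exchange(&sk->sess, (struct session *)NULL);
    if (s) session_put(s);
}

/* ioctl path: pin, pass the sleep point, read, unpin.
 * Returns -1 (a convention of this model) when the socket has no session. */
static int ioctl_get_mtu(struct sock_model *sk, void (*at_sleep)(struct sock_model *))
{
    struct session *s = sock_get_session(sk);
    if (!s) return -1;
    if (at_sleep) at_sleep(sk); /* a concurrent close lands here */
    int mtu = s->mtu;           /* safe: our reference keeps s alive */
    session_put(s);
    return mtu;
}
```

Passing `sock_close` as the `at_sleep` callback replays the problematic interleaving: the close drops the socket's reference, but the free is deferred until the ioctl path's final `session_put()`.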

Affected Version(s)

Linux fd558d186df2c13a22455373858bae634a4795af < 78cdfdca88cbf731a92f3b9ee5427c633dd94e28

Linux fd558d186df2c13a22455373858bae634a4795af

Linux fd558d186df2c13a22455373858bae634a4795af < 62f327e287cf7b595ae3f73ba72f5cd2a9e9f39f
