SB20260216120 - Race condition within a thread in Linux kernel l2tp
Published: February 16, 2026
Security Bulletin ID
SB20260216120
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2026-23120)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the l2tp_tunnel_del_work() function in net/l2tp/l2tp_core.c. A local user can corrupt data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1f63ca44b4f419a1663d94d1bb0b4e2beb73fdb4
- https://git.kernel.org/stable/c/32d417497b79efb403d75f4c185fe6fd9d64b94f
- https://git.kernel.org/stable/c/36c40a80109f1771d59558050b1a71e13c60c759
- https://git.kernel.org/stable/c/3d6d414b214ce31659bded2f8df50c93a3769474
- https://git.kernel.org/stable/c/68e92085427c84e7679ddb53c0d68836d220b6e7
- https://git.kernel.org/stable/c/7a29f6bf60f2590fe5e9c4decb451e19afad2bcf
- https://git.kernel.org/stable/c/eae074dab764ea181bbed5e88626889319177498