QwikSec

Security Database

CVE

CWE

Training

CVE-2022-4129

Published: Nov 28, 2022

Modified: Apr 14, 2025

PUBLISHED

Description

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Vendor	Product	Versions
n/a	Linux kernel (l2tp)	affected `up to v6.0`

Weaknesses (CWE)

References

https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t

https://lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t

FEDORA-2022-e4460c41bc

vendor-advisory

FEDORA-2022-b36cd53dca

vendor-advisory

FEDORA-2022-24041b1667

vendor-advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.