Linux Kernel L2TP Memory Leak Vulnerability in UDP Encapsulation Reception

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's L2TP (Layer 2 Tunneling Protocol) implementation, specifically within the UDP encapsulation reception function. This issue affects several versions of the Linux kernel. Validation of the protocol version was moved to a later stage in the reception process, and the failure path at that later stage needs additional error handling that is missing. As a result, references to L2TP session objects are not released when validation fails, leaving unreferenced objects in memory.
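The bug class described above, as an added user-space model (not kernel code and not the upstream patch): a receive routine takes a session reference, checks the version afterwards, and returns on mismatch without dropping it, shown beside a corrected form. The struct, the function names and the version values 3 and 2 are constructed for illustration.

```c
#include <stdio.h>

/* User-space model only: struct and function names are hypothetical. */
struct session {
    int refcnt;   /* starts at 1: the owner's reference */
    int version;  /* protocol version the session expects */
    int freed;    /* set when the last reference is dropped */
};

static struct session *session_get(struct session *s) { s->refcnt++; return s; }
static void session_put(struct session *s) { if (--s->refcnt == 0) s->freed = 1; }

/* Leaky: reference taken, version checked later, mismatch path never puts. */
static int recv_leaky(struct session *s, int pkt_version)
{
    struct session *ref = session_get(s);
    if (ref->version != pkt_version)
        return -1;            /* reference leaked here */
    session_put(ref);         /* normal path: payload delivered, ref dropped */
    return 0;
}

/* Corrected: every exit after session_get() drops the reference. */
static int recv_fixed(struct session *s, int pkt_version)
{
    struct session *ref = session_get(s);
    int ret = (ref->version != pkt_version) ? -1 : 0;
    session_put(ref);
    return ret;
}

/* Send n mismatching packets, then drop the owner's reference.
 * Returns 1 if the object was freed, 0 if it is left behind. */
static int freed_after_teardown(int (*recv)(struct session *, int), int n)
{
    struct session s = { .refcnt = 1, .version = 3, .freed = 0 };
    for (int i = 0; i < n; i++)
        recv(&s, 2);
    session_put(&s);
    return s.freed;
}

int main(void)
{
    printf("leaky: freed=%d\n", freed_after_teardown(recv_leaky, 1));
    printf("fixed: freed=%d\n", freed_after_teardown(recv_fixed, 1));
    return 0;
}
```

A single mismatching packet is enough to keep the modelled object alive after teardown, which is why the leak shows up only once the connection has been closed.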

Impact

Exploitation of this vulnerability causes a memory leak, where allocated objects are not properly released, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by establishing a PPPoL2TP connection that triggers the 'l2tp_udp_encap_recv' function. The connection process will create L2TP session and tunnel objects, which are not properly released if the protocol version validation fails. This can be verified by monitoring the system's memory usage for unreferenced objects after the connection is terminated.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Feb 4, 2026, 6:14 PM
Updated: Feb 4, 2026, 6:14 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.