CVE-2022-4129 – kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference

https://notcve.org/view.php?id=CVE-2022-4129

28 Nov 2022 — A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. Se encontró una falla en Layer 2 Tunneling Protocol (L2TP) del kernel de Linux. Un bloqueo faltante al borrar sk_user_data puede provocar una condición de ejecución y una desreferencia del puntero NULL. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html • CWE-476: NULL Pointer Dereference CWE-667: Improper Locking •