CVE-2023-53020: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53020 is a vulnerability discovered in the Linux kernel's Layer 2 Tunneling Protocol (L2TP) implementation, specifically in the l2tp_tunnel_register() function. The vulnerability was publicly disclosed on March 27, 2025. The issue affects various Linux distributions including Ubuntu, Debian, and Red Hat Enterprise Linux systems (NVD, Ubuntu).

The vulnerability stems from multiple race conditions in the l2tp_tunnel_register() function. There are three specific issues: 1) modification of the tunnel socket after publishing it, 2) calling setup_udp_tunnel_sock() on an existing socket without proper locking, and 3) changing sock lock class on the fly, which has triggered multiple syzkaller bot reports. The issue was resolved by moving socket initialization code before publishing and implementing it under sock lock. Additionally, the l2tp lockdep class was replaced with bh_lock_sock_nested() (CVE Mitre).

The vulnerability affects the Linux kernel's L2TP implementation, potentially impacting systems running affected versions. Various Linux distributions have confirmed their affected status, including Ubuntu 20.04 LTS (Focal) and several other versions that require updates (Ubuntu).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has fixed the issue in version 5.15.0-70.77 for 22.04 LTS (Jammy) and version 5.15.0-70.77~20.04.1 for 20.04 LTS (Focal). Debian has also released fixes for various versions including bullseye (5.10.234-1) and bookworm (6.1.129-1) (Debian, Ubuntu).