In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix signed integer overflow in l2tpip6sendmsg
When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. To fix, we can follow what udpv6 does and subtract the transhdrlen from the max.