PT-2024-11878 · Linux · Linux Kernel

Matthieu Baerts · Published 2022-11-28 · Updated 2024-10-24 · CVE-2022-49018

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc5

Description

A bug in the Linux kernel has been resolved, specifically in the mptcp protocol. The issue occurred when a sleeping function was called from an invalid context at close time, resulting in a splat. The problem was caused by calling mptcp_close under the 'fast' socket lock variant, which has been replaced with sock_lock_nested() to fix the issue. The mptcp_close function is called when the msk socket is closed, and it is related to the mptcp_close_ssk and mptcp_subflow_queue_clean functions.

Recommendations

To resolve the issue, update the Linux kernel to a version newer than 6.1.0-rc5. As a temporary workaround, consider disabling the mptcp_close function until a patch is available. Restrict access to the mptcp protocol to minimize the risk of exploitation.

Exploit

Fix

Improper Locking

Weakness Enumeration

Related Identifiers: BDU:2025-04350, CVE-2022-49018

Affected Products: Linux Kernel