CVE-2022-50071

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A issue in the Linux kernel has been resolved, related to the MPTCP protocol. When the mptcp socket creation fails due to a CGROUP INET SOCK CREATE eBPF program, the MPTCP protocol leaks all the subflows because the related cleanup happens in mptcp destroy sock(), which is not invoked in this code path. The fix involves moving the subflow sockets cleanup to the mptcp destroy common() helper, which is invoked in every msk cleanup path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.