CVE-2022-50071

Source
https://cve.org/CVERecord?id=CVE-2022-50071
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50071.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50071
Downstream
Published
2025-06-18T11:02:15.896Z
Modified
2026-04-02T08:28:12.610173Z
Summary
mptcp: move subflow cleanup in mptcp_destroy_common()
Details

In the Linux kernel, the following vulnerability has been resolved:

mptcp: move subflow cleanup in mptcpdestroycommon()

If the mptcp socket creation fails due to a CGROUPINETSOCK_CREATE eBPF program, the MPTCP protocol ends-up leaking all the subflows: the related cleanup happens in __mptcpdestroysock() that is not invoked in such code path.

Address the issue moving the subflow sockets cleanup in the mptcpdestroycommon() helper, which is invoked in every msk cleanup path.

Additionally get rid of the intermediate listspliceinit step, which is an unneeded relic from the past.

The issue is present since before the reported root cause commit, but any attempt to backport the fix before that hash will require a complete rewrite.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50071.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e16163b6e2b720fb74e5af758546f6dad27e6c9e
Fixed
6139039c8fc5c9dbcdc3ad389b9a6d0cacb4d693
Fixed
c0bf3c6aa444a5ef44acc57ef6cfa53fd4fc1c9b

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50071.json"