Bug 2425114 (CVE-2022-50783)

Summary: CVE-2022-50783 kernel: mptcp: use proper req destructor for IPv6
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was discovered in the Linux kernel’s Multipath TCP (MPTCP) implementation where the wrong destructor function was used for IPv6 subflow request sockets. Previously, even when handling IPv6 MPTCP subflows, only the IPv4 request socket destructor was invoked, leaving IPv6-specific fields unmanaged. Under certain conditions advanced IPv6 usage scenarios—such as subflows containing IPv6 options—this can lead to memory not being released properly (memory leaks), and long-running systems may experience degraded performance or instability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-24 14:03:55 UTC 
In the Linux kernel, the following vulnerability has been resolved:

mptcp: use proper req destructor for IPv6

Before, only the destructor from TCP request sock in IPv4 was called
even if the subflow was IPv6.

It is important to use the right destructor to avoid memory leaks with
some advanced IPv6 features, e.g. when the request socks contain
specific IPv6 options.
Comment 1 Alexander B 2025-12-25 01:32:02 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122402-CVE-2022-50783-3109@gregkh/T