CVE-2022-50783

Summary

In the Linux kernel, the following vulnerability has been resolved:

mptcp: use proper req destructor for IPv6

Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6.

It is important to use the right destructor to avoid memory leaks with some advanced IPv6 features, e.g. when the request socks contain specific IPv6 options.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux79c0949e9a09f6a14a6dd18dc8396029423f9b68 < 6eb02c596ec02e5897ae377e065cb7df55337a96affected
LinuxLinux79c0949e9a09f6a14a6dd18dc8396029423f9b68 < bd5dc96fea4edd16d2e22f41b4dd50a4cfbeb919affected
LinuxLinux79c0949e9a09f6a14a6dd18dc8396029423f9b68 < 092953f3c4cd65f88b27b87a922f6c725f34ee04affected
LinuxLinux79c0949e9a09f6a14a6dd18dc8396029423f9b68 < 1922ea6b0ae2ea0c9a09be0eafafe1cd1069d259affected
LinuxLinux79c0949e9a09f6a14a6dd18dc8396029423f9b68 < d3295fee3c756ece33ac0d935e172e68c0a4161baffected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.87 <= 5.15.*unaffected
LinuxLinux6.0.18 <= 6.0.*unaffected
LinuxLinux6.1.4 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References