{"id":"AZL-70352","summary":"CVE-2022-50071 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: move subflow cleanup in mptcp_destroy_common()\n\nIf the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE\neBPF program, the MPTCP protocol ends-up leaking all the subflows:\nthe related cleanup happens in __mptcp_destroy_sock() that is not\ninvoked in such code path.\n\nAddress the issue moving the subflow sockets cleanup in the\nmptcp_destroy_common() helper, which is invoked in every msk cleanup\npath.\n\nAdditionally get rid of the intermediate list_splice_init step, which\nis an unneeded relic from the past.\n\nThe issue is present since before the reported root cause commit, but\nany attempt to backport the fix before that hash will require a complete\nrewrite.","modified":"2026-04-21T04:36:22.971594Z","published":"2025-06-18T11:15:35Z","upstream":["CVE-2022-50071"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50071"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70352.json"}}],"schema_version":"1.7.5"}