VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2022-50783

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: use proper req destructor for IPv6

Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6.

It is important to use the right destructor to avoid memory leaks with some advanced IPv6 features, e.g. when the request socks contain specific IPv6 options.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Linux kernel MPTCP flaw incorrectly used the IPv4 TCP request destructor for IPv6 subflows, causing memory leaks.

Root Cause

The vulnerability resides in the Linux kernel's Multipath TCP (MPTCP) subsystem, specifically in the handling of connection request sockets for IPv6 subflows. Before the fix, the code universally invoked the TCP request sock destructor designed for IPv4 (via tcp_request_sock_ops) even when the underlying subflow was IPv6. This was incorrect because the IPv6 request socket (tcp6_request_sock) can embed additional fields—such as IPv6-specific options—that are allocated separately and require their own cleanup routine (tcp6_request_sock_ops). By calling the IPv4 destructor, these extra allocations were left unreleased, leading to memory leaks [1][2][3][4].
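The destructor mismatch described above, reduced to a userspace C model. This is an added example, not kernel code and not the fix commit; every name in it, the fixed-size pool and the one-allocation-per-request behaviour are assumptions made for illustration.

```c
#include <stddef.h>

/* Userspace model of the bug; every name here is hypothetical, not a kernel symbol. */
#define POOL 64
static unsigned char pool[POOL];            /* 1 = slot in use; stands in for kernel memory */

static void *pool_alloc(void)
{
    for (size_t i = 0; i < POOL; i++)
        if (!pool[i]) { pool[i] = 1; return &pool[i]; }
    return NULL;                            /* pool exhausted: the out-of-memory end state */
}
static void pool_free(void *p) { if (p) *(unsigned char *)p = 0; }
static int pool_in_use(void)
{
    int n = 0;
    for (size_t i = 0; i < POOL; i++) n += pool[i];
    return n;
}

struct req_sock;
struct req_ops { void (*destructor)(struct req_sock *); };
struct req_sock {
    const struct req_ops *ops;
    void *v6_opts;                          /* separately allocated IPv6 option state */
};

static void v4_destructor(struct req_sock *r) { (void)r; }   /* knows nothing about v6_opts */
static void v6_destructor(struct req_sock *r) { pool_free(r->v6_opts); r->v6_opts = NULL; }

/* Before the fix: one ops table for every subflow, wired to the IPv4 destructor. */
static const struct req_ops subflow_ops_before = { v4_destructor };
/* After the fix: the IPv6 subflow gets its own table and destructor. */
static const struct req_ops subflow_v6_ops_after = { v6_destructor };

/* Handle n IPv6 requests that carry options; return slots still held afterwards. */
int leaked_slots(int n, int fixed)
{
    for (size_t i = 0; i < POOL; i++) pool[i] = 0;
    for (int i = 0; i < n; i++) {
        struct req_sock r = { fixed ? &subflow_v6_ops_after : &subflow_ops_before, NULL };
        r.v6_opts = pool_alloc();           /* request arrives with IPv6 options */
        r.ops->destructor(&r);              /* request sock is released */
    }
    return pool_in_use();
}
```

With the shared table, every request leaves one slot behind until the pool is full; with the per-family table, the count returns to zero after each request.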

Exploitation Prerequisites

The attack surface is local: an unprivileged user or a network-facing service on a system that uses MPTCP with IPv6 subflows can trigger the bug by establishing or accepting MPTCP connections over IPv6. No authentication is required beyond standard network access, and the flaw is reachable without special privileges if the system enables MPTCP (which is common in modern kernels). The bug is purely a kernel memory management error; it does not allow direct code injection or privilege escalation, but it can be repeatedly triggered to exhaust system memory.

Impact

An attacker who can initiate repeated MPTCP IPv6 connections can cause a gradual, sustained memory leak in the kernel. Over time, this can degrade system performance, exhaust available memory, and potentially lead to denial-of-service (system hang or crash). The leak does not corrupt data or provide arbitrary code execution, but it impacts availability. The official description confirms the fix is "important to avoid memory leaks with some advanced IPv6 features" [1].

Mitigation

The vulnerability is fixed in the upstream Linux kernel by commits that switch to using the proper per-protocol destructor based on the address family of the subflow. Users should apply the stable kernel updates containing these patches, which have been backported to multiple stable releases as indicated by the commit references [1][2][3][4]. No workarounds are documented other than updating the kernel.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 5

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 5
