{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: mptcp: use proper req destructor for IPv6",
    "id" : "2425114",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425114"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmptcp: use proper req destructor for IPv6\nBefore, only the destructor from TCP request sock in IPv4 was called\neven if the subflow was IPv6.\nIt is important to use the right destructor to avoid memory leaks with\nsome advanced IPv6 features, e.g. when the request socks contain\nspecific IPv6 options.", "A flaw was discovered in the Linux kernel’s Multipath TCP (MPTCP) implementation where the wrong destructor function was used for IPv6 subflow request sockets. Previously, even when handling IPv6 MPTCP subflows, only the IPv4 request socket destructor was invoked, leaving IPv6-specific fields unmanaged. Under certain conditions advanced IPv6 usage scenarios—such as subflows containing IPv6 options—this can lead to memory not being released properly (memory leaks), and long-running systems may experience degraded performance or instability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50783\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50783\nhttps://lore.kernel.org/linux-cve-announce/2025122402-CVE-2022-50783-3109@gregkh/T" ],
  "name" : "CVE-2022-50783",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}