CVE-2022-50071
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/06/2025
Last modified: 17/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

mptcp: move subflow cleanup in mptcp_destroy_common()

If the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE
eBPF program, the MPTCP protocol ends up leaking all the subflows:
the related cleanup happens in __mptcp_destroy_sock() that is not
invoked in such code path.

Address the issue by moving the subflow sockets cleanup in the
mptcp_destroy_common() helper, which is invoked in every msk cleanup
path.

Additionally get rid of the intermediate list_splice_init step, which
is an unneeded relic from the past.

The issue is present since before the reported root cause commit, but
any attempt to backport the fix before that hash will require a complete
rewrite.
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.19.4 (excluding) |



