CVE-2022-48757
Published: Jun 20, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 - < 8f88c78d24f6f346919007cd459fd7e51a8c7779affected 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 - < be1ca30331c7923c6f376610c1bd6059be9b1908affected 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 - < c38023032a598ec6263e008d62c7f02def72d5c7affected 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 - < b67ad6170c0ea87391bb253f35d1f78857736e54affected 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 - < e372ecd455b6ebc7720f52bf4b5f5d44d02f2092+4 more versions |
Linux | Linux | affected 2.6.26unaffected 0 - < 2.6.26unaffected 4.4.302 - <= 4.4.*unaffected 4.9.300 - <= 4.9.*unaffected 4.14.265 - <= 4.14.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now