CVE-2022-48757

net: fix information leakage in /proc/net/ptype

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding
it to a device, users in other net namespaces can observe the new
`packet_type` added by this packet socket by reading `/proc/net/ptype`
file. This is minor information leakage as packet socket is
namespace aware. Add a net pointer in `packet_type` to keep the net namespace of
of corresponding packet socket. In `ptype_seq_show`, this net pointer
must be checked when it is not NULL.

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-20 CVE Published
2024-12-19 CVE Updated
2025-03-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-276: Incorrect Default Permissions

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779	2022-02-03
https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908	2022-02-08
https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7	2022-02-08
https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54	2022-02-08
https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092	2022-02-01
https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6	2022-02-01
https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b	2022-02-01
https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee	2022-02-01
https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888	2022-01-20

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48757	2024-09-03
https://bugzilla.redhat.com/show_bug.cgi?id=2293383	2024-09-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 4.4.302 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 4.4.302"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 4.9.300 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 4.9.300"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 4.14.265 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 4.14.265"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 4.19.228 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 4.19.228"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 5.4.176 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 5.4.176"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 5.10.96 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 5.10.96"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 5.15.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 5.15.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 5.16.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 5.16.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.26 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.26 < 5.17"		en		Affected