CVE-2022-48757

HIGH

Linux Kernel - Information Disclosure via /proc/net/ptype

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL.

References (9)

Core 9

Scores

CVSS v3 7.1
EPSS 0.0022
EPSS Percentile 12.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-668
Status published
Products (30)
linux/Kernel 2.6.26 - 4.4.302linux
linux/Kernel 4.10.0 - 4.14.265linux
linux/Kernel 4.15.0 - 4.19.228linux
linux/Kernel 4.20.0 - 5.4.176linux
linux/Kernel 4.5.0 - 4.9.300linux
linux/Kernel 5.11.0 - 5.15.19linux
linux/Kernel 5.16.0 - 5.16.5linux
linux/Kernel 5.5.0 - 5.10.96linux
Linux/Linux < 2.6.26
Linux/Linux 2.6.26
... and 20 more
Published Jun 20, 2024
Tracked Since Feb 18, 2026