CVE-2022-48757

net: fix information leakage in /proc/net/ptype

Description

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL.

N/A
CVSS
Severity:
EPSS 0.20%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b
https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888

Frequently Asked Questions

What is the severity of CVE-2022-48757?
CVE-2022-48757 has not yet been assigned a CVSS score.
How to fix CVE-2022-48757?
To fix CVE-2022-48757, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48757 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48757 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48757?
CVE-2022-48757 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.