{"id":"CVE-2022-48757","summary":"net: fix information leakage in /proc/net/ptype","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix information leakage in /proc/net/ptype\n\nIn one net namespace, after creating a packet socket without binding\nit to a device, users in other net namespaces can observe the new\n`packet_type` added by this packet socket by reading `/proc/net/ptype`\nfile. This is minor information leakage as packet socket is\nnamespace aware.\n\nAdd a net pointer in `packet_type` to keep the net namespace of\nof corresponding packet socket. In `ptype_seq_show`, this net pointer\nmust be checked when it is not NULL.","modified":"2026-04-11T12:41:17.992666Z","published":"2024-06-20T11:13:36.529Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48757.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888"},{"type":"WEB","url":"https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54"},{"type":"WEB","url":"https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48757.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48757"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50"},{"fixed":"8f88c78d24f6f346919007cd459fd7e51a8c7779"},{"fixed":"be1ca30331c7923c6f376610c1bd6059be9b1908"},{"fixed":"c38023032a598ec6263e008d62c7f02def72d5c7"},{"fixed":"b67ad6170c0ea87391bb253f35d1f78857736e54"},{"fixed":"e372ecd455b6ebc7720f52bf4b5f5d44d02f2092"},{"fixed":"db044d97460ea792110eb8b971e82569ded536c6"},{"fixed":"e43669c77cb3a742b7d84ecdc7c68c4167a7709b"},{"fixed":"839ec7039513a4f84bfbaff953a9393471176bee"},{"fixed":"47934e06b65637c88a762d9c98329ae6e3238888"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48757.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.26"},{"fixed":"4.4.302"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.5.0"},{"fixed":"4.9.300"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.265"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.228"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.176"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.96"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.19"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.16.5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48757.json"}}],"schema_version":"1.7.5"}