U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2022-48757 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888
https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b

Weakness Enumeration

CWE-ID CWE Name Source

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2022-48757
NVD Published Date:
06/20/2024
NVD Last Modified:
06/20/2024
Source:
kernel.org