Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-48757HistoryJun 20, 2024 - 12:15 p.m.
CVE-2022-48757
2024-06-2012:15:13
Debian Security Bug Tracker
security-tracker.debian.org
1
cve-2022-48757
net
information leakage
/proc/net/ptype
unix
In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packet_type added by this packet socket by reading /proc/net/ptype file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in packet_type to keep the net namespace of of corresponding packet socket. In ptype_seq_show, this net pointer must be checked when it is not NULL.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 5.16.7-1 | linux_5.16.7-1_all.deb |
| Debian | 11 | all | linux | < 5.10.103-1 | linux_5.10.103-1_all.deb |
| Debian | 10 | all | linux | < 4.19.232-1 | linux_4.19.232-1_all.deb |
| Debian | 999 | all | linux | < 5.16.7-1 | linux_5.16.7-1_all.deb |
| Debian | 13 | all | linux | < 5.16.7-1 | linux_5.16.7-1_all.deb |
Related
cvelist
cvelist
CVE-2022-48757 net: fix information leakage in /proc/net/ptype
2024-06-20 11:13:36
nvd
nvd
CVE-2022-48757
2024-06-20 12:15:13
cve
cve
CVE-2022-48757
2024-06-20 12:15:13
redhatcve
redhatcve
CVE-2022-48757
2024-06-20 14:52:59
ubuntucve
ubuntucve
CVE-2022-48757
2024-06-20 00:00:00
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.1%
Related for DEBIANCVE:CVE-2022-48757