7.1

CVE-2022-48757

net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved:

net: fix information leakage in /proc/net/ptype

In one net namespace, after creating a packet socket without binding
it to a device, users in other net namespaces can observe the new
`packet_type` added by this packet socket by reading `/proc/net/ptype`
file. This is minor information leakage as packet socket is
namespace aware.

Add a net pointer in `packet_type` to keep the net namespace of
of corresponding packet socket. In `ptype_seq_show`, this net pointer
must be checked when it is not NULL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.26 < 4.4.302
LinuxLinux Kernel Version >= 4.5 < 4.9.300
LinuxLinux Kernel Version >= 4.10 < 4.14.265
LinuxLinux Kernel Version >= 4.15 < 4.19.228
LinuxLinux Kernel Version >= 4.20 < 5.4.176
LinuxLinux Kernel Version >= 5.5 < 5.10.96
LinuxLinux Kernel Version >= 5.11 < 5.15.19
LinuxLinux Kernel Version >= 5.16 < 5.16.5
LinuxLinux Kernel Version5.17 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.126
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888
Patch
https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
Patch
https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
Patch
https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
Patch
https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
Patch
https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
Patch
https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
Patch
https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
Patch
https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b
Patch