Linux · Linux Kernel · CVE-2022-48757
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue concerns information leakage in the `/proc/net/ptype` file. After creating a packet socket without binding it to a device in one net namespace, users in other net namespaces can observe the new `packet type` added by this packet socket by reading the `/proc/net/ptype` file. This is considered minor information leakage because the packet socket is namespace aware. To address this, a net pointer in `packet type` has been added to keep the net namespace of the corresponding packet socket, and this net pointer must be checked in `ptype seq show` when it is not NULL.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.