PT-2024-9253 · Linux+6 · Linux Kernel+6

Congyu Liu · Published 2024-06-20 · Updated 2025-09-29 · CVE-2022-48757

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is an information leak through the /proc/net/ptype file. After a packet socket is created in one net namespace without being bound to a device, users in other net namespaces can observe the new packet type added by that socket by reading /proc/net/ptype. This is considered minor information leakage because the packet socket is namespace aware. To address this, a net pointer has been added to the packet type to keep the net namespace of the corresponding packet socket, and this net pointer must be checked in ptype_seq_show when it is not NULL.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
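
The check described above, modelled in userspace C as an added example (not kernel code and not part of this advisory). The struct layouts, the `owner_net` field name and the sample table are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: these types and names are hypothetical, not kernel code. */
struct net { int id; };
struct net_device { struct net *net; };
struct packet_type {
    const char *func;          /* handler name shown in the listing */
    struct net_device *dev;    /* NULL when the socket is not bound to a device */
    struct net *owner_net;     /* added net pointer; NULL for non-socket handlers */
};

/* Pre-fix filter: only a bound device ties an entry to a namespace. */
static bool visible_before(const struct packet_type *pt, const struct net *reader)
{
    return pt->dev == NULL || pt->dev->net == reader;
}

/* Post-fix filter: a non-NULL owner namespace must also match the reader. */
static bool visible_after(const struct packet_type *pt, const struct net *reader)
{
    if (pt->owner_net != NULL && pt->owner_net != reader)
        return false;
    return pt->dev == NULL || pt->dev->net == reader;
}

/* Count the entries a reader in namespace `reader` would see listed. */
static int count_visible(const struct packet_type *t, size_t n, const struct net *reader, bool fixed)
{
    int shown = 0;
    for (size_t i = 0; i < n; i++)
        shown += fixed ? visible_after(&t[i], reader) : visible_before(&t[i], reader);
    return shown;
}

/* Constructed sample: two namespaces, one global handler, one unbound socket. */
static struct net ns_a = { 1 }, ns_b = { 2 };
static const struct packet_type sample[] = {
    { "ip_rcv",     NULL, NULL  },  /* global protocol handler, no owner */
    { "packet_rcv", NULL, &ns_a },  /* unbound packet socket created in ns_a */
};

int main(void)
{
    printf("ns_b sees %d entries before the check, %d after\n",
           count_visible(sample, 2, &ns_b, false), count_visible(sample, 2, &ns_b, true));
    return 0;
}
```

Entries with a NULL owner stay visible everywhere, which is why the check applies only when the net pointer is not NULL.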

Exploit

Memory Leak

Exposure of Resource to Wrong Sphere


Weakness Enumeration

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2025_16880
BDU:2024-10941
CESA-2024_5101
CESA-2024_5102
CVE-2022-48757
INFSA-2024_5101
INFSA-2024_5102
OESA-2024-1862
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:6206
RHSA-2024_5101
RHSA-2024_5102
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101

Affected Products

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux