UBUNTU-CVE-2022-48757

Description

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL.

CVSS Metrics

• v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.15.0-176.185 | < 5.4.0-109.123

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  all | < 4.15.0-1127.136 | < 5.4.0-1072.77

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1072.77~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2066.69 | all | < 5.4.0-1072.77+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1127.136~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1137.150~14.04.1 | < 4.15.0-1137.150~16.04.1 | all | < 5.4.0-1077.80

• ubuntu•linux-azure-4.15

  < 4.15.0-1137.150

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1077.80~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2048.52 | all | < 5.4.0-1076.79+fips1

• ubuntu•linux-bluefield

  < 5.4.0-1035.38 | all

• ubuntu•linux-fips

  all | < 4.15.0-1084.93 | < 5.4.0-1048.54

• ubuntu•linux-gcp

  < 4.15.0-1121.135~16.04.1 | all | < 5.4.0-1072.77

• ubuntu•linux-gcp-4.15

  < 4.15.0-1121.135

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1072.77~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2031.34 | all | < 5.4.0-1071.75+fips1

• ubuntu•linux-gke

  all

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  all

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1039.40

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-176.185~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.19

  all

• ubuntu•linux-hwe-5.4

  < 5.4.0-109.123~18.04.1

Showing first 50 affected entries in server-rendered view.

References (12)

• https://ubuntu.com/security/CVE-2022-48757
• https://www.cve.org/CVERecord?id=CVE-2022-48757
• https://git.kernel.org/linus/47934e06b65637c88a762d9c98329ae6e3238888
• https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
• https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
• https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
• https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
• https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
• https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
• https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b
• https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
• https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888