CVE-2022-48757

Updated: 2026-02-08 02:27:39.162843

Description:

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.1

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.1 HIGH Already Fixed 2025-09-23 21:21:52 Fixed in kernel-5.14.0-94.el9
CentOS 6 ELS kernel 2.6.32 7.1 HIGH Released CLSA-2025:1762454401 2025-11-10 19:28:08 Ignored due to low severity
CentOS 7 ELS kernel 3.10.0 7.1 HIGH Released CLSA-2025:1759431860 2025-10-15 23:34:34 Ignored due to low severity
CentOS 8.4 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2024:1725872696 2024-09-09 05:25:34
CentOS 8.5 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2024:1725876080 2024-09-09 12:15:40
CentOS Stream 8 ELS kernel 4.18.0 7.1 HIGH Released CLSA-2026:1770032032 2026-02-02 16:30:17 Ignored due to low severity
CloudLinux 6 ELS kernel 2.6.32 7.1 HIGH Needs Triage 2025-09-20 06:10:57 Ignored due to low severity
CloudLinux 7 ELS kernel 3.10.0 7.1 HIGH Ignored 2025-09-23 10:57:46 Postponed until request or high risk detected
Oracle Linux 6 ELS kernel 2.6.32 7.1 HIGH Released CLSA-2025:1762455270 2025-11-07 02:57:49 Ignored due to low severity
Oracle Linux 7 ELS kernel 3.10.0 7.1 HIGH Released CLSA-2025:1759431869 2025-10-02 23:04:09
Total: 13