CVE-2022-48757

7.1 HIGH

📋 TL;DR

This CVE allows information leakage across Linux network namespaces. When a packet socket is created without binding to a device in one namespace, users in other namespaces can observe the new packet_type by reading /proc/net/ptype. This affects Linux systems using network namespaces with unprivileged users who can access /proc/net/ptype.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network namespaces to be in use and users with access to /proc/net/ptype. Container environments (Docker, Kubernetes) using network namespaces are particularly relevant.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could map network namespace configurations and identify packet socket usage patterns, potentially aiding in privilege escalation or lateral movement attacks by understanding network isolation boundaries.

🟠

Likely Case

Information disclosure about network namespace configurations, revealing what types of packet sockets exist in other namespaces, which could help attackers understand system architecture.

🟢

If Mitigated

Minimal impact - only reveals existence of packet sockets without binding, no data exfiltration or system compromise.

🌐 Internet-Facing: LOW - This requires access to /proc filesystem which is typically not exposed to internet-facing services.
🏢 Internal Only: MEDIUM - Internal users with access to /proc/net/ptype could gain information about network namespace configurations they shouldn't see.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation is straightforward - simply reading /proc/net/ptype from a different namespace. However, this is information disclosure only, not a system compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 47934e06b65637c88a762d9c98329ae6e3238888, 839ec7039513a4f84bfbaff953a9393471176bee, 8f88c78d24f6f346919007cd459fd7e51a8c7779, b67ad6170c0ea87391bb253f35d1f78857736e54, be1ca30331c7923c6f376610c1bd6059be9b1908

Vendor Advisory: https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Restrict /proc/net/ptype access

linux

Limit access to /proc/net/ptype file to prevent unauthorized users from reading it

chmod 600 /proc/net/ptype
chown root:root /proc/net/ptype

Use namespaced /proc

linux

Ensure /proc is properly namespaced so users cannot see other namespaces' /proc/net/ptype

🧯 If You Can't Patch

  • Implement strict access controls on /proc filesystem
  • Isolate network namespaces and ensure users cannot access other namespaces' /proc/net/ptype

🔍 How to Verify

Check if Vulnerable:

Check if you can read /proc/net/ptype from a different network namespace and see packet_type entries from other namespaces

Check Version:

uname -r

Verify Fix Applied:

After patching, verify that /proc/net/ptype only shows packet_type entries from the current namespace
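
The verification described above can be scripted. The following is an added example, not part of the advisory or the kernel project: it parses /proc/net/ptype and reports packet-socket receive handlers that are registered without a device. The handler names (packet_rcv, tpacket_rcv and variants, from the kernel's af_packet code) and the function names are assumptions not taken from this page.

```shell
#!/bin/sh
# Added example: list packet-socket handlers in /proc/net/ptype that have no
# bound device. In a namespace that owns no packet sockets, any such entry
# belongs to another namespace, which is the leak this CVE describes.

# Read ptype-formatted text on stdin; print "<type> <handler>" for every
# packet-socket handler whose Device column is empty.
unbound_packet_handlers() {
    awk '
    NR == 1 { next }                  # header: "Type Device      Function"
    {
        n = NF
        if ($n ~ /^\[.*\]$/) n--      # ignore a trailing " [module]" suffix
        if (n < 2) next               # blank or malformed line
        fn  = $n
        dev = (n >= 3) ? $2 : ""      # Device column is blank when unbound
        # Assumption: af_packet handlers are named packet_rcv*, tpacket_rcv*
        if (dev == "" && fn ~ /^t?packet_rcv/) print $1, fn
    }'
}

# Return 0 if the given file (default /proc/net/ptype) shows no unbound
# packet-socket handlers, 1 otherwise (and print what was seen).
check_ptype_leak() {
    ptype_file=${1:-/proc/net/ptype}
    hits=$(unbound_packet_handlers < "$ptype_file")
    if [ -n "$hits" ]; then
        printf 'unbound packet-socket handlers visible here:\n%s\n' "$hits"
        return 1
    fi
    return 0
}
```

Run `check_ptype_leak` from a network namespace that has no packet sockets of its own (for example a shell started with `unshare -rn`) while a test namespace on the same host holds an unbound packet socket. A clean result is only meaningful if such a socket exists elsewhere at the time of the check.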

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /proc/net/ptype
  • Multiple users accessing /proc/net/ptype across namespaces

SIEM Query:

file.path="/proc/net/ptype" AND (process.name="cat" OR process.name="less")
