cve/published/2022/CVE-2022-48757.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-48757: net: fix information leakage in /proc/net/ptype

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: fix information leakage in /proc/net/ptype

 In one net namespace, after creating a packet socket without binding
 it to a device, users in other net namespaces can observe the new
 `packet_type` added by this packet socket by reading `/proc/net/ptype`
 file. This is minor information leakage as packet socket is
 namespace aware.

 Add a net pointer in `packet_type` to keep the net namespace of
 of corresponding packet socket. In `ptype_seq_show`, this net pointer
 must be checked when it is not NULL.

 The Linux kernel CVE team has assigned CVE-2022-48757 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.4.302 with commit 8f88c78d24f6f346919007cd459fd7e51a8c7779
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.9.300 with commit be1ca30331c7923c6f376610c1bd6059be9b1908
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.14.265 with commit c38023032a598ec6263e008d62c7f02def72d5c7
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.19.228 with commit b67ad6170c0ea87391bb253f35d1f78857736e54
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.4.176 with commit e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.10.96 with commit db044d97460ea792110eb8b971e82569ded536c6
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.15.19 with commit e43669c77cb3a742b7d84ecdc7c68c4167a7709b
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.16.5 with commit 839ec7039513a4f84bfbaff953a9393471176bee
 	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.17 with commit 47934e06b65637c88a762d9c98329ae6e3238888

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-48757
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	include/linux/netdevice.h
 	net/core/net-procfs.c
 	net/packet/af_packet.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
 	https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
 	https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
 	https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
 	https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
 	https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
 	https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b
 	https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
 	https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-48757: net: fix information leakage in /proc/net/ptype

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: fix information leakage in /proc/net/ptype

	In one net namespace, after creating a packet socket without binding
	it to a device, users in other net namespaces can observe the new
	`packet_type` added by this packet socket by reading `/proc/net/ptype`
	file. This is minor information leakage as packet socket is
	namespace aware.

	Add a net pointer in `packet_type` to keep the net namespace of
	of corresponding packet socket. In `ptype_seq_show`, this net pointer
	must be checked when it is not NULL.

	The Linux kernel CVE team has assigned CVE-2022-48757 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.4.302 with commit 8f88c78d24f6f346919007cd459fd7e51a8c7779
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.9.300 with commit be1ca30331c7923c6f376610c1bd6059be9b1908
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.14.265 with commit c38023032a598ec6263e008d62c7f02def72d5c7
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 4.19.228 with commit b67ad6170c0ea87391bb253f35d1f78857736e54
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.4.176 with commit e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.10.96 with commit db044d97460ea792110eb8b971e82569ded536c6
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.15.19 with commit e43669c77cb3a742b7d84ecdc7c68c4167a7709b
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.16.5 with commit 839ec7039513a4f84bfbaff953a9393471176bee
	Issue introduced in 2.6.26 with commit 2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 and fixed in 5.17 with commit 47934e06b65637c88a762d9c98329ae6e3238888

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48757
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	include/linux/netdevice.h
	net/core/net-procfs.c
	net/packet/af_packet.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
	https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
	https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
	https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
	https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
	https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
	https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b
	https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
	https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888