The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 3.8.5 (including) |
| Linux_kernel | Linux | 3.8.0 (including) | 3.8.0 (including) |
| Linux_kernel | Linux | 3.8.1 (including) | 3.8.1 (including) |
| Linux_kernel | Linux | 3.8.2 (including) | 3.8.2 (including) |
| Linux_kernel | Linux | 3.8.3 (including) | 3.8.3 (including) |
| Linux_kernel | Linux | 3.8.4 (including) | 3.8.4 (including) |
| Linux | Ubuntu | upstream | * |
| Linux-armadaxp | Ubuntu | upstream | * |
| Linux-ec2 | Ubuntu | upstream | * |
| Linux-fsl-imx51 | Ubuntu | lucid | * |
| Linux-fsl-imx51 | Ubuntu | upstream | * |
| Linux-linaro-omap | Ubuntu | devel | * |
| Linux-linaro-omap | Ubuntu | oneiric | * |
| Linux-linaro-omap | Ubuntu | precise | * |
| Linux-linaro-omap | Ubuntu | quantal | * |
| Linux-linaro-omap | Ubuntu | upstream | * |
| Linux-linaro-shared | Ubuntu | devel | * |
| Linux-linaro-shared | Ubuntu | oneiric | * |
| Linux-linaro-shared | Ubuntu | precise | * |
| Linux-linaro-shared | Ubuntu | quantal | * |
| Linux-linaro-shared | Ubuntu | upstream | * |
| Linux-linaro-vexpress | Ubuntu | devel | * |
| Linux-linaro-vexpress | Ubuntu | oneiric | * |
| Linux-linaro-vexpress | Ubuntu | precise | * |
| Linux-linaro-vexpress | Ubuntu | quantal | * |
| Linux-linaro-vexpress | Ubuntu | upstream | * |
| Linux-lts-backport-maverick | Ubuntu | lucid | * |
| Linux-lts-backport-maverick | Ubuntu | upstream | * |
| Linux-lts-backport-oneiric | Ubuntu | upstream | * |
| Linux-lts-quantal | Ubuntu | upstream | * |
| Linux-mvl-dove | Ubuntu | lucid | * |
| Linux-mvl-dove | Ubuntu | upstream | * |
| Linux-qcm-msm | Ubuntu | devel | * |
| Linux-qcm-msm | Ubuntu | lucid | * |
| Linux-qcm-msm | Ubuntu | oneiric | * |
| Linux-qcm-msm | Ubuntu | precise | * |
| Linux-qcm-msm | Ubuntu | quantal | * |
| Linux-qcm-msm | Ubuntu | upstream | * |
| Linux-ti-omap4 | Ubuntu | upstream | * |