ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.

During installation, installed file permissions are set to allow anyone to modify those files.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 5.3.2 (including) |
Red Hat Enterprise Linux 7 | RedHat | kernel-rt-0:3.10.0-1160.rt56.1131.el7 | * |
Red Hat Enterprise Linux 7 | RedHat | kernel-0:3.10.0-1160.el7 | * |
Red Hat Enterprise Linux 8 | RedHat | kernel-rt-0:4.18.0-193.rt13.51.el8 | * |
Red Hat Enterprise Linux 8 | RedHat | kernel-0:4.18.0-193.el8 | * |
Linux | Ubuntu | bionic | * |
Linux | Ubuntu | disco | * |
Linux | Ubuntu | esm-infra-legacy/trusty | * |
Linux | Ubuntu | precise/esm | * |
Linux | Ubuntu | trusty | * |
Linux | Ubuntu | trusty/esm | * |
Linux | Ubuntu | upstream | * |
Linux | Ubuntu | xenial | * |
Linux-aws | Ubuntu | bionic | * |
Linux-aws | Ubuntu | disco | * |
Linux-aws | Ubuntu | trusty | * |
Linux-aws | Ubuntu | trusty/esm | * |
Linux-aws | Ubuntu | upstream | * |
Linux-aws | Ubuntu | xenial | * |
Linux-aws-5.0 | Ubuntu | upstream | * |
Linux-aws-hwe | Ubuntu | upstream | * |
Linux-aws-hwe | Ubuntu | xenial | * |
Linux-azure | Ubuntu | bionic | * |
Linux-azure | Ubuntu | disco | * |
Linux-azure | Ubuntu | trusty | * |
Linux-azure | Ubuntu | trusty/esm | * |
Linux-azure | Ubuntu | upstream | * |
Linux-azure | Ubuntu | xenial | * |
Linux-azure-5.3 | Ubuntu | upstream | * |
Linux-azure-edge | Ubuntu | bionic | * |
Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
Linux-azure-edge | Ubuntu | upstream | * |
Linux-azure-edge | Ubuntu | xenial | * |
Linux-gcp | Ubuntu | bionic | * |
Linux-gcp | Ubuntu | disco | * |
Linux-gcp | Ubuntu | upstream | * |
Linux-gcp | Ubuntu | xenial | * |
Linux-gcp-5.3 | Ubuntu | upstream | * |
Linux-gcp-edge | Ubuntu | bionic | * |
Linux-gcp-edge | Ubuntu | esm-infra/bionic | * |
Linux-gcp-edge | Ubuntu | upstream | * |
Linux-gke-4.15 | Ubuntu | bionic | * |
Linux-gke-4.15 | Ubuntu | upstream | * |
Linux-gke-5.0 | Ubuntu | bionic | * |
Linux-gke-5.0 | Ubuntu | upstream | * |
Linux-gke-5.3 | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | bionic | * |
Linux-hwe | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | xenial | * |
Linux-hwe-edge | Ubuntu | bionic | * |
Linux-hwe-edge | Ubuntu | esm-infra/bionic | * |
Linux-hwe-edge | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | xenial | * |
Linux-kvm | Ubuntu | bionic | * |
Linux-kvm | Ubuntu | disco | * |
Linux-kvm | Ubuntu | upstream | * |
Linux-kvm | Ubuntu | xenial | * |
Linux-lts-trusty | Ubuntu | precise/esm | * |
Linux-lts-trusty | Ubuntu | upstream | * |
Linux-lts-xenial | Ubuntu | trusty | * |
Linux-lts-xenial | Ubuntu | trusty/esm | * |
Linux-lts-xenial | Ubuntu | upstream | * |
Linux-oem | Ubuntu | bionic | * |
Linux-oem | Ubuntu | disco | * |
Linux-oem | Ubuntu | eoan | * |
Linux-oem | Ubuntu | upstream | * |
Linux-oem | Ubuntu | xenial | * |
Linux-oem-5.6 | Ubuntu | upstream | * |
Linux-oem-osp1 | Ubuntu | bionic | * |
Linux-oem-osp1 | Ubuntu | disco | * |
Linux-oem-osp1 | Ubuntu | eoan | * |
Linux-oem-osp1 | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | bionic | * |
Linux-oracle | Ubuntu | disco | * |
Linux-oracle | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | xenial | * |
Linux-oracle-5.0 | Ubuntu | upstream | * |
Linux-oracle-5.3 | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | bionic | * |
Linux-raspi2 | Ubuntu | disco | * |
Linux-raspi2 | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | xenial | * |
Linux-raspi2-5.3 | Ubuntu | upstream | * |
Linux-snapdragon | Ubuntu | bionic | * |
Linux-snapdragon | Ubuntu | disco | * |
Linux-snapdragon | Ubuntu | upstream | * |
Linux-snapdragon | Ubuntu | xenial | * |