3 matches found
CVE-2017-17449
CVE-2017-17449 affects the Linux kernel: the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c can allow local attackers with CAP_NET_ADMIN to sniff Netlink activity across all net namespaces when CONFIG_NLMON is enabled. This results in information disclosure (exposure of kernel Net...
CVE-2017-17448
CVE-2017-17448 affects the Linux kernel’s netfilter nfnetlink_cthelper.c: CAP_NET_ADMIN is not required for new/get/del operations, because nfnl_cthelper_list is shared across all net namespaces. This enables local attackers to bypass access restrictions. Impact is local privilege/access restrict...
CVE-2017-17450
CVE-2017-17450 affects the Linux kernel up to 4.14.4 in net/netfilter/xt_osf.c, where add_callback/remove_callback do not require CAP_NET_ADMIN, allowing local users to bypass intended access controls because xt_osf_fingers is shared across net namespaces. The vulnerability is rooted in privilege...