ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.

Affected Package

OS OS Version Package Name Package Version
ubuntu 14.04 linux-aws 4.4.0-1058.62)available with ubuntu pro or ubuntu pro (infra-only
ubuntu 16.04 linux-aws 4.4.0-1098.109
ubuntu 18.04 linux-aws 4.15.0-1054.56
ubuntu 19.04 linux-aws 5.0.0-1021.24
ubuntu upstream linux-oem-5.6 5.4~rc1
ubuntu 19.04 linux 5.0.0-35.38
ubuntu 14.04 linux any
ubuntu upstream linux 5.4~rc1
ubuntu 16.04 linux 4.4.0-168.197
ubuntu upstream linux-aws-hwe 5.4~rc1
ubuntu 16.04 linux-aws-hwe 4.15.0-1054.56~16.04.1
ubuntu 19.04 linux-azure 5.0.0-1025.27
ubuntu 14.04 linux-azure 4.15.0-1063.68~14.04.1)available with ubuntu pro or ubuntu pro (infra-only
ubuntu upstream linux-azure 5.4~rc1
ubuntu 16.04 linux-azure 4.15.0-1063.68
ubuntu upstream linux-azure-5.3 5.4~rc1
ubuntu upstream linux-azure-edge 5.4~rc1
ubuntu 16.04 linux-azure-edge 4.15.0-1063.68
ubuntu 19.04 linux-gcp 5.0.0-1025.26
ubuntu upstream linux-gcp 5.4~rc1
ubuntu 16.04 linux-gcp 4.15.0-1049.52
ubuntu upstream linux-gcp-5.3 5.4~rc1
ubuntu upstream linux-gcp-edge 5.4~rc1
ubuntu upstream linux-gke-4.15 5.4~rc1
ubuntu upstream linux-gke-5.0 5.4~rc1
ubuntu upstream linux-hwe 5.4~rc1
ubuntu 16.04 linux-hwe 4.15.0-69.78~16.04.1
ubuntu upstream linux-hwe-edge 5.4~rc1
ubuntu 16.04 linux-hwe-edge 4.15.0-69.78~16.04.1
ubuntu 19.04 linux-kvm 5.0.0-1022.24
ubuntu upstream linux-kvm 5.4~rc1
ubuntu 16.04 linux-kvm 4.4.0-1062.69
ubuntu upstream linux-lts-trusty 5.4~rc1
ubuntu 14.04 linux-lts-xenial 4.4.0-168.197~14.04.1)available with ubuntu pro or ubuntu pro (infra-only
ubuntu upstream linux-lts-xenial 5.4~rc1
ubuntu 19.10 linux-oem 4.15.0-1063.72
ubuntu upstream linux-oem 5.4~rc1
ubuntu 16.04 linux-oem any
ubuntu 19.10 linux-oem-osp1 5.0.0-1027.31
ubuntu upstream linux-oem-osp1 5.4~rc1
ubuntu 19.04 linux-oracle 5.0.0-1007.12
ubuntu upstream linux-oracle 5.4~rc1
ubuntu 16.04 linux-oracle 4.15.0-1029.32~16.04.1
ubuntu upstream linux-oracle-5.0 5.4~rc1
ubuntu upstream linux-oracle-5.3 5.4~rc1
ubuntu 19.04 linux-raspi2 5.0.0-1022.23
ubuntu upstream linux-raspi2 5.4~rc1
ubuntu 16.04 linux-raspi2 4.4.0-1125.134
ubuntu upstream linux-raspi2-5.3 5.4~rc1
ubuntu upstream linux-snapdragon 5.4~rc1
ubuntu 16.04 linux-snapdragon 4.4.0-1129.137