The Netlink implementation in the Linux kernel through 3...
Low severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Apr 16, 2023
Description
Published by the National Vulnerability Database
Apr 27, 2014
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Apr 16, 2023
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
References