The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in
the Linux kernel 22.214.171.124 does not check for the CAP_NET_ADMIN capability
before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3)
SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local
users to bypass intended capability restrictions.
It was discovered that the SBNI WAN driver did not correctly check
for the NET_ADMIN capability. A malicious local root user lacking
CAP_NET_ADMIN would be able to change the WAN device configuration,
leading to a denial of service.
Updated: 2015-10-17 03:30:33 UTC (commit 10086)