The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in
the Linux kernel 18.104.22.168 does not check for the CAP_NET_ADMIN capability
before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3)
SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local
users to bypass intended capability restrictions.
It was discovered that the SBNI WAN driver did not correctly check
for the NET_ADMIN capability. A malicious local root user lacking
CAP_NET_ADMIN would be able to change the WAN device configuration,
leading to a denial of service.
Updated: 2015-07-29 20:33:14 UTC (commit 9756)