The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in
the Linux kernel 220.127.116.11 does not check for the CAP_NET_ADMIN capability
before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3)
SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local
users to bypass intended capability restrictions.
It was discovered that the SBNI WAN driver did not correctly check
for the NET_ADMIN capability. A malicious local root user lacking
CAP_NET_ADMIN would be able to change the WAN device configuration,
leading to a denial of service.
Updated: 2016-01-26 17:31:29 UTC (commit 10507)