In the Linux kernel, the following vulnerability has been resolved: net/nfc/rawsock.c: fix a permission check bug The function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable().
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 5.10.46-1 | linux_5.10.46-1_all.deb |
Debian | 11 | all | linux | < 5.10.46-1 | linux_5.10.46-1_all.deb |
Debian | 999 | all | linux | < 5.10.46-1 | linux_5.10.46-1_all.deb |
Debian | 13 | all | linux | < 5.10.46-1 | linux_5.10.46-1_all.deb |