Linux kernel is vulnerable to authorization bypass attacks. This is because net/netfilter/nfnetlink_cthelper.c
function does not require the CAP_NET_ADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions.
www.securityfocus.com/bid/102117
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.5_Release_Notes/index.html
access.redhat.com/errata/RHSA-2018:0654
access.redhat.com/errata/RHSA-2018:0676
access.redhat.com/errata/RHSA-2018:1062
access.redhat.com/security/cve/CVE-2017-13305
access.redhat.com/security/cve/CVE-2017-15274
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1292927
bugzilla.redhat.com/show_bug.cgi?id=1401061
bugzilla.redhat.com/show_bug.cgi?id=1430418
bugzilla.redhat.com/show_bug.cgi?id=1448770
bugzilla.redhat.com/show_bug.cgi?id=1452589
bugzilla.redhat.com/show_bug.cgi?id=1462329
bugzilla.redhat.com/show_bug.cgi?id=1500894
bugzilla.redhat.com/show_bug.cgi?id=1503749
bugzilla.redhat.com/show_bug.cgi?id=1506255
bugzilla.redhat.com/show_bug.cgi?id=1507270
bugzilla.redhat.com/show_bug.cgi?id=1509264
bugzilla.redhat.com/show_bug.cgi?id=1518274
bugzilla.redhat.com/show_bug.cgi?id=1518638
patchwork.kernel.org/patch/10089373/
usn.ubuntu.com/3617-1/
usn.ubuntu.com/3617-2/
usn.ubuntu.com/3617-3/
usn.ubuntu.com/3619-1/
usn.ubuntu.com/3619-2/
usn.ubuntu.com/3620-1/
usn.ubuntu.com/3620-2/
usn.ubuntu.com/3632-1/
www.debian.org/security/2017/dsa-4073
www.debian.org/security/2018/dsa-4082