Описание
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
Отчет
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as the affected driver is not enabled in these kernels by default. The affected driver is enabled by default in Red Hat Enterprise Linux 2.1, 3, 5, and Red Hat Enterprise MRG. As Red Hat Enterprise Linux 2.1 and 3 are now in Production 3 of their maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata, and this issue has been rated as having moderate impact, the fix for this issue is not currently planned to be included in the future updates.
Дополнительная информация
Статус:
EPSS
2.1 Low
CVSS2
Связанные уязвимости
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kern ...
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.
ELSA-2009-0326: kernel security and bug fix update (IMPORTANT)
EPSS
2.1 Low
CVSS2