A local attacker with CAP_NET_RAW privileges can escalate privileges via a memory corruption in net/packet/af_packet.c.
https://www.openwall.com/lists/oss-security/2020/09/03/3
Mitigation: Unprivileged users can obtain CAP_NET_RAW inside a user namespace they create. If unprivileged user namespaces are not needed, set the kernel.unprivileged_userns_clone sysctl to 0:

$ sudo sysctl kernel.unprivileged_userns_clone=0
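To confirm the mitigation above is in effect and will survive a reboot, the following added check (not part of the original advisory) reads the runtime value and scans sysctl configuration files for a persisted setting. The function name, the status strings, and the default list of configuration files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the kernel.unprivileged_userns_clone mitigation.
# Usage: userns_mitigation_status PROC_ROOT [CONF_FILE...]
# Prints exactly one status word (hypothetical names chosen for this example):
#   unsupported   the sysctl does not exist on this kernel
#   exposed       runtime value is not 0
#   runtime-only  runtime value is 0 but no config file persists it
#   mitigated     runtime value is 0 and the last persisted value is 0
userns_mitigation_status() {
    proc_root=$1
    shift
    knob="$proc_root/sys/kernel/unprivileged_userns_clone"

    # Not every kernel carries this sysctl; without it this mitigation
    # cannot be applied and another control is needed.
    if [ ! -r "$knob" ]; then
        echo unsupported
        return 0
    fi

    runtime=$(tr -d '[:space:]' < "$knob")
    if [ "$runtime" != 0 ]; then
        echo exposed
        return 0
    fi

    # Files are assumed to be passed in the order they are applied at boot,
    # so the last uncommented assignment wins. Only the dotted
    # "key = value" form is recognised here.
    persisted=
    for f in "$@"; do
        [ -f "$f" ] || continue
        val=$(sed -n 's/^[[:space:]]*kernel\.unprivileged_userns_clone[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$f" | tail -n 1)
        if [ -n "$val" ]; then
            persisted=$val
        fi
    done

    if [ "$persisted" = 0 ]; then
        echo mitigated
    else
        echo runtime-only
    fi
}

# Default invocation against the live system (file list is an assumption).
userns_mitigation_status /proc /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A result of runtime-only means the setting was applied with sysctl on the command line but will be lost at the next boot unless it is also written to a sysctl configuration file.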