A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

The mitigation for the Red Hat Enterprise Linux 8 is to disable for unprivileged user possibilities of running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET) that could be done with the next command:
echo 0 > /proc/sys/user/max_user_namespaces

For making this change in configuration permanent.
Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.
Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d/" directory:

user.max_user_namespaces = 0

The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:

$ sudo sysctl --system

The other mitigation for containers, if without disabling user namespaces, is blocking the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit