A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.
4.13.0-16.194.13.0-17.204.13.0-25.294.13.0-32.354.15.0-10.114.15.0-101.1024.15.0-106.1074.15.0-108.1094.15.0-109.1104.15.0-111.112+130 more5.3.0-18.195.3.0-24.265.4.0-100.1135.4.0-104.1185.4.0-105.1195.4.0-107.1215.4.0-109.1235.4.0-110.1245.4.0-113.1275.4.0-117.132+68 more5.4.0-152.1693.11.0-12.195.13.0-19.195.15.0-17.175.15.0-18.185.15.0-22.225.15.0-23.235.15.0-25.255.15.0-27.285.15.0-30.315.15.0-33.345.15.0-35.36+21 more5.15.0-75.824.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-2.166.5.0-9.96.11.0-8.84.15.0-1001.14.15.0-1003.34.15.0-1005.54.15.0-1006.64.15.0-1007.74.15.0-1009.94.15.0-1010.104.15.0-1011.114.15.0-1016.164.15.0-1017.17+116 more5.13.0-1005.65.15.0-1002.45.15.0-1003.55.15.0-1004.65.15.0-1005.75.15.0-1008.105.15.0-1009.115.15.0-1011.145.15.0-1013.175.15.0-1014.18+17 more5.15.0-1038.435.3.0-1003.35.3.0-1008.95.3.0-1009.105.3.0-1010.115.4.0-1005.55.4.0-1007.75.4.0-1008.85.4.0-1009.95.4.0-1011.115.4.0-1015.15+60 more5.4.0-1104.112Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:NI:HA:NCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N