Kevin Cernekee

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.14.5 **Description** The issue allows local users to bypass intended access restrictions. This is due to the lack of requirement for the CAP NET ADMIN capability for certain operations in the net/netfilter/nfnetlink cthelper.c module. The nfnl cthelper list data structure is shared across all net namespaces, which contributes to the problem. **Recommendations** For Linux kernel versions prior to 4.14.5, update to version 4.14.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.14.5 **Description** The issue allows local users to obtain sensitive information by leveraging the CAP NET ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. This is due to the netlink deliver tap skb function in net/netlink/af netlink.c not restricting observations of Netlink messages to a single net namespace when CONFIG NLMON is enabled. **Recommendations** For Linux kernel versions prior to 4.14.5, update to version 4.14.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.14.5 **Description** The issue allows local users to bypass intended access restrictions. This is due to the fact that the `xt osf fingers` data structure is shared across all net namespaces, and the `add callback` and `remove callback` operations do not require the `CAP NET ADMIN` capability. **Recommendations** For Linux kernel versions prior to 4.14.5, update to version 4.14.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenConnect versions prior to 4.08 **Description** The issue is related to multiple stack-based buffer overflows in the http.c file of OpenConnect. These overflows can be triggered by remote VPN gateways sending responses with long hostnames, paths, or cookie lists, leading to a denial of service in the form of an application crash. The vulnerability can be exploited remotely and may result in the disruption of protected information availability. **Recommendations** For OpenConnect versions prior to 4.08, update to version 4.08 or later to resolve the issue. As a temporary workaround, consider restricting the length of hostnames, paths, and cookie lists in responses from remote VPN gateways to prevent the buffer overflows.