The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability.
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
http://www.openwall.com/lists/oss-security/2011/02/25/1
https://bugzilla.redhat.com/show_bug.cgi?id=680360
https://github.com/torvalds/linux/commit/8909c9ad8ff03611c9c96c9a92656213e4bb495b
Source: MITRE
Published: 2013-03-01
Updated: 2020-08-03
Type: NVD-CWE-noinfo
Base Score: 1.9
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 3.4
Severity: LOW