ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
Source: MITRE
Published: 2019-10-01
Updated: 2019-10-25
Type: CWE-276
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 1.8
Severity: LOW