An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. References: https://android.googlesource.com/platform/external/libnl/+/f0b40192efd1af977564ed6335d42a8bbdaf650a https://github.com/thom311/libnl/issues/124
Created libnl3 tracking bugs for this issue: Affects: fedora-all [bug 1414305]
This CVE seems to be specific to Android's usage of (its fork of) libnl, allowing calls into libnl to cross process (and therefore privilege) boundaries. On Fedora and Enterprise Linux, libnl inherits the privilege domain of the process which opens it (through dynamic linking or dlopen()) .. like any other shared library. Thus, this does not represent a security vulnerability. The same conclusion has been reached on the upstream ticket: https://github.com/thom311/libnl/issues/124