A vulnerability was found in base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1758249]
kernel-5.3.6-100.fc29, kernel-headers-5.3.6-100.fc29, kernel-tools-5.3.6-100.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
It -may- be possible that a local user can use this to directly control attached ISDN hardware, hanging up the connection or redialing long distance/high fee numbers incurring large fees to the telephony systems.
Mitigation: At this time the only known way to 'mitigate' this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common. Check https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0790 https://access.redhat.com/errata/RHSA-2020:0790
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17055
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060