A flaw was found in the Linux kernels implementation of string matching within a packet. A privileged user ( with root or CAP_NET_ADMIN ) when inserting iptables rules could insert a rule which can panic the system. This could lead to a denial of service or possibly worse. Further investigation is ongoing. Upstream patch: https://github.com/torvalds/linux/commit/ca58fbe06c54 Upstream bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=209823
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1914720]
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This was fixed for Fedora with the 5.5 kernel rebases.