On Wed, Oct 11, 2023 at 4:45 PM KLH 111111 klh111111@outlook.com wrote:
Is anyone else worried about this? I found it via redhat.com
NVD - CVE-2023-39192 (nist.gov)
It's going to apply to all distributions, because it's a kernel issue, *but*.,.. it's just Moderate severity because it involves a local privileged attacker. I'm just a user these days, my only adminning is personal web servers, but presumably "privileged" in this context means a user who can manipulate the Netfilter subsystem.
So it's largely a question of "who can run `ufw` or `iptables`?". That's probably a fairly short list, and those users can probably damage your system or exfiltrate data through other means. Security is, after all, a question of layers and the Swiss cheese effect.