From 23de317952172b31b157073cd88f7c75a2c20587 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 3 Sep 2020 21:31:34 +0200
Subject: Expand note to cover exploitability

---
 active/CVE-2020-14386 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/active/CVE-2020-14386 b/active/CVE-2020-14386
index beddd64c..afdce4eb 100644
--- a/active/CVE-2020-14386
+++ b/active/CVE-2020-14386
@@ -2,6 +2,10 @@ Description: net/packet: fix overflow in tpacket_rcv
 References:
  https://www.openwall.com/lists/oss-security/2020/09/03/3
 Notes:
+ carnil> To create AF_PACKET sockets one needs CAP_NET_RAW in the
+ carnil> network namepsace, which could be aquired by unprivileged
+ carnil> processes on systems where unprivileged namespaces are enabled.
+ carnil> Debian does not enable those.
 Bugs:
 upstream: needed
 4.19-upstream-stable: needed
-- 
cgit v1.2.3