The sbni_ioctl function in drivers/net/wan/sbni.c in the wan
subsystem in the Linux kernel 18.104.22.168 does not check for the
CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS,
(2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE
ioctl request, which allows local users to bypass intended capability
The relevant patch is included in versions 2.6.25-r7 and 2.6.26-r2 of hardened-sources.
hardened-kernel unaffected at present time. Removing alias.
PS: Anything using >=genpatches-2.6.25-6 is unaffected