net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
3.13.0-144.193, 4.4.0-1016.16, 4.4.0-119.143~14.04.1, 4.4.0-119.143, 4.4.0-1054.63, 4.13.0-1014.17, 4.13.0-1012.16, 4.13.0-41.46~16.04.1, 4.4.0-1020.25, 4.13.0-1022.24

Exploitability: AV:L, AC:L, PR:L, UI:N
Scope: S:U
Impact: C:H, I:H, A:H
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
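
The following is a user-space model of the gap described above. It is added here as an illustration and is not taken from the kernel source. One global list stands in for nfnl_cthelper_list; `struct caller`, `helper_new`/`helper_get`/`helper_del`, the `enforce` flag and the sample callers are all constructed for the example, and the `cap_net_admin` field is an assumed stand-in for the result of a CAP_NET_ADMIN check.

```c
/* User-space model, not kernel source; all names and callers are constructed. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
struct caller {
    int  netns_id;      /* net namespace the request arrives from */
    bool cap_net_admin; /* assumption: result a CAP_NET_ADMIN check would give */
};

/* One list for every namespace, standing in for nfnl_cthelper_list. */
static char helpers[8][16];
static int find(const char *name) {
    for (int i = 0; i < 8; i++)
        if (helpers[i][0] && strcmp(helpers[i], name) == 0) return i;
    return -1;
}

/* enforce == false models the flawed handlers, true the hardened ones. */
static bool denied(const struct caller *c, bool enforce) { return enforce && !c->cap_net_admin; }

int helper_new(const struct caller *c, const char *name, bool enforce) {
    if (denied(c, enforce)) return -EPERM;
    if (!*name || strlen(name) >= sizeof helpers[0]) return -EINVAL;
    if (find(name) >= 0) return -EEXIST;
    for (int i = 0; i < 8; i++)
        if (!helpers[i][0]) { strcpy(helpers[i], name); return 0; }
    return -ENOSPC;
}

/* netns_id is never consulted: every namespace sees the same entries. */
int helper_get(const struct caller *c, const char *name, bool enforce) {
    if (denied(c, enforce)) return -EPERM;
    return find(name) >= 0 ? 0 : -ENOENT;
}

int helper_del(const struct caller *c, const char *name, bool enforce) {
    if (denied(c, enforce)) return -EPERM;
    int i = find(name);
    if (i < 0) return -ENOENT;
    helpers[i][0] = '\0';
    return 0;
}

int main(void) {
    struct caller admin = {1, true}, user = {2, false};
    helper_new(&admin, "demo", true);
    printf("hardened del: %d\n", helper_del(&user, "demo", true));
    printf("flawed del:   %d\n", helper_del(&user, "demo", false));
}
```

With `enforce` off, the caller in namespace 2 can remove an entry created from namespace 1; with it on, the same request returns -EPERM and the shared list is unchanged.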