From f6d25bf1f57fa96d3b5a8e713e456545f1cd18bd Mon Sep 17 00:00:00 2001 From: John Johansen Date: Sun, 2 Jun 2024 09:16:24 +0000 Subject: [PATCH] Update unprivileged_userns_restriction --- unprivileged_userns_restriction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unprivileged_userns_restriction.md b/unprivileged_userns_restriction.md index ca4041b..e3fd55f 100644 --- a/unprivileged_userns_restriction.md +++ b/unprivileged_userns_restriction.md @@ -6,7 +6,7 @@ However while unprivileged user namespaces have been beneficial by reducing the This has lead to many real world CVEs. Examples (to pick a few): -* [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086): to exploit, needs to be able to add netfilter rules +* [CVE-2024-1086](https://nvd.nist.gov/vuln/detail/CVE-2024-1086): to exploit, needs to be able to add netfilter rules, granted by `CAP_NET_ADMIN` in a new user and network namespace. * [CVE-2022-0185](https://nvd.nist.gov/vuln/detail/CVE-2022-0185): to exploit, need to be able to mount a filesystem, granted by `CAP_SYS_ADMIN` in a user namespace. * [CVE-2022-1015](https://nvd.nist.gov/vuln/detail/CVE-2022-1015): to exploit, need to be able to add netfilter rules, granted by `CAP_NET_ADMIN` in a new user and network namespace. * [CVE-2022-2078](https://nvd.nist.gov/vuln/detail/CVE-2022-2078): to exploit, need to be able to add netfilter rules, granted by `CAP_NET_ADMIN` in a new user and network namespace.
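Review bot: In the rewritten CVE-2024-1086 bullet, the wording is still "to exploit, needs to be able to add netfilter rules", while the three entries that follow it (CVE-2022-0185, CVE-2022-1015, CVE-2022-2078) read "need to be able". Since the line is being touched anyway, align the verb so the list reads uniformly. The added clause "granted by `CAP_NET_ADMIN` in a new user and network namespace" brings this entry in line with the CVE-2022-1015 and CVE-2022-2078 bullets and names the capability involved, which is the detail a reader needs here. Two smaller points: the context line "This has lead to many real world CVEs" could be corrected to "has led" in the same change, and the subject "Update unprivileged_userns_restriction" does not say what changed; a subject that mentions the `CAP_NET_ADMIN` note for CVE-2024-1086 would make the log easier to search.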