An updated kernel-utils package is available that removes the setuid bits incorrectly assigned to the uml_net binary.
The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. The uml_net utility, a user mode linux (UML) utility, in the kernel-utils packages that shipped with Red Hat Linux 8.0 incorrectly sets its uid to the root user. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode. All users of the kernel-utils package should update to these errata packages which contain a version of uml_net which does not setuid root. Alternatively, as a work-around to this vulnerability, an administrator can issue the following command as root: chmod -s /usr/bin/uml_net Red Hat would like to thank Johnny Robertson for alerting us to this issue.