
Someone correct me if I'm wrong:

This is a locally exploitable privilege escalation involving creation of the socket, triggerable from user level, so exploitable by local users or as a follow-up after another exploit is used to get some level of local access, correct?




Not really. Requires having the CAP_NET_RAW capability, which is pretty rare. (This capability gives you raw access to the network interface, which is usually only given to the root user.)


No. It's exploitable by a normal unprivileged user on modern Ubuntu. From the article, "Let’s see how we can exploit this vulnerability. I’m going to be targeting x86-64 Ubuntu 16.04.2 with 4.8.0-41-generic kernel version with KASLR, SMEP and SMAP enabled. Ubuntu kernel has user namespaces available to unprivileged users (CONFIG_USER_NS=y and no restrictions on its usage), so the bug can be exploited to gain root privileges by an unprivileged user."
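The two comments above disagree about whether CAP_NET_RAW is a real barrier. The point the quoted article makes is that unprivileged user namespaces hand a normal user CAP_NET_RAW inside a namespace of their own, so the packet-socket code path becomes reachable without root. The script below is an added example (not from the thread or the linked article) that a host owner can run to check both preconditions on a machine: whether the current process already holds CAP_NET_RAW, and whether unprivileged user namespace creation is restricted. It assumes the Debian/Ubuntu-specific sysctl `kernel.unprivileged_userns_clone` where present, falls back to the mainline `user.max_user_namespaces` knob and then to a live `unshare -U` probe (from util-linux); function names are mine, and the embedded `/proc/<pid>/status` fragment is constructed for offline use.

```shell
#!/bin/sh
# Added example (not from the thread or the linked article): defender-side
# checks for the two preconditions the comments disagree about.
#   1. CAP_NET_RAW in the effective capability set (needed to open a packet socket).
#   2. Unprivileged user namespaces, which give an unprivileged user
#      CAP_NET_RAW inside a freshly created namespace.

# CAP_NET_RAW is bit 13 of the kernel capability bitmap (linux/capability.h).
CAP_NET_RAW_BIT=13

# has_cap_net_raw HEXMASK
# Returns 0 when the hex mask (the CapEff format in /proc/<pid>/status,
# e.g. 0000003fffffffff) includes CAP_NET_RAW.
has_cap_net_raw() {
    val=$(( 0x$1 ))
    [ $(( (val >> CAP_NET_RAW_BIT) & 1 )) -eq 1 ]
}

# cap_eff_from_status
# Reads a /proc/<pid>/status document on stdin and prints its CapEff mask.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2 }'
}

# userns_policy
# Prints "unrestricted", "restricted" or "unknown" for unprivileged user
# namespace creation on this host.
userns_policy() {
    # Debian/Ubuntu kernels expose this knob; 1 = unprivileged users may clone.
    if [ -r /proc/sys/kernel/unprivileged_userns_clone ]; then
        if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" = "1" ]; then
            echo unrestricted
        else
            echo restricted
        fi
        return 0
    fi
    # Mainline knob: 0 forbids creating any user namespace at all.
    if [ -r /proc/sys/user/max_user_namespaces ] &&
       [ "$(cat /proc/sys/user/max_user_namespaces)" = "0" ]; then
        echo restricted
        return 0
    fi
    # Last resort: try to create one as the current user (util-linux unshare).
    if command -v unshare >/dev/null 2>&1; then
        if unshare -U true 2>/dev/null; then echo unrestricted; else echo restricted; fi
        return 0
    fi
    echo unknown
}

# report: run both checks against the current process and host.
report() {
    eff=$(cap_eff_from_status < /proc/self/status)
    if has_cap_net_raw "$eff"; then
        echo "CapEff $eff: CAP_NET_RAW present in this process"
    else
        echo "CapEff $eff: CAP_NET_RAW absent in this process"
    fi
    echo "unprivileged user namespaces: $(userns_policy)"
}

# Constructed sample of the relevant /proc/<pid>/status lines for an
# unprivileged shell; the live input is /proc/self/status.
SAMPLE_STATUS='Name:   sh
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff'

if [ "${1:-}" = "--report" ]; then
    report
fi
```

Run it as `sh check_userns.sh --report`. If the process reports CAP_NET_RAW absent but user namespaces unrestricted, the namespace route the article describes is open; on Debian/Ubuntu kernels `sysctl kernel.unprivileged_userns_clone=0` closes it, and on mainline kernels `user.max_user_namespaces=0` does, at the cost of breaking software that relies on unprivileged namespaces.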


Thanks, I was a bit concerned at first when I saw the 4 words "Exploiting Linux kernel packet" on one line, but as a privilege escalation after a first exploit I won't worry as much about it.





