CVE-2018-7191
CVSS v3.0
5.5 (Medium)
CVSS v2.0
4.9 (Medium)
EPSS
0.04 % (5th)
Affected Products
1
Advisories
18
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2019-05-17 05:29:00
(5 years ago) - Updated Date
-
2019-05-31 12:29:01
(5 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...