CVE-2018-7191 in Kernelinfo

Summary

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

02/17/2018

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-476 (Confirmed)

CVSS

4.4

EPSS

0.00075

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-7191
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-7191
CVE Details	https://www.cvedetails.com/cve/CVE-2018-7191/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!