Julien Gomes

1 exploit Active since May 2019
CVE-2018-7191 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.14 - Denial of Service via TUNSETIFF ioctl with Invalid Device Name
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
CVSS 5.5