Описание
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
Ссылки
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Release NotesVendor Advisory
- PatchThird Party AdvisoryVendor Advisory
- PatchVendor Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Release NotesVendor Advisory
- PatchThird Party AdvisoryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
Связанные уязвимости
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid ...
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
ELSA-2019-4706: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2