Executive Summary

Informations
NameCVE-2018-7191First vendor Publication2019-05-17
VendorCveLast vendor Modification2019-05-31

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score4.9Attack RangeLocal
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7191

CWE : Common Weakness Enumeration

%idName
100 %CWE-476NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2542

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/108380
MISC https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743792
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748846
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a...
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c...
https://github.com/torvalds/linux/commit/0ad646c81b2182f7fa67ec0c8c825e0ee165...
https://github.com/torvalds/linux/commit/5c25f65fd1e42685f7ccd80e0621829c1057...
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-05-31 17:19:29
  • Multiple Updates
2019-05-20 21:19:21
  • Multiple Updates
2019-05-17 21:19:31
  • Multiple Updates
2019-05-17 13:19:10
  • First insertion