Dmitry Alexeev

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.14 **Description** The issue is related to a null pointer dereference in the dev get valid name function of the TUN subsystem in the Linux kernel. This can be exploited by local users to cause a denial of service, resulting in a system panic, by making an ioctl(TUNSETIFF) call with a dev name containing a / character. **Recommendations** For Linux kernel versions prior to 4.13.14, update to version 4.13.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the TUN subsystem to minimize the risk of exploitation. Avoid using the ioctl(TUNSETIFF) call with a dev name containing a / character until the issue is resolved.