The CIS standard for Ubuntu 14.04 LTS (01-07-2015) states that the /tmp directory should be mounted with a nodev flag - this is under the FileSystem Configuration (Section 2). This prevents the creation of block and character special devices.
Is someone able to confirm how could an attacker exploit not mounting the /tmp directory with nodev flag?
To my understanding, the device files (which to my understanding allow low-level connection to connected hardware devices) generally appear in /dev directory for connecting devices and are typically not accessible unless you have a root or tty user. The /dev directory is also not writable by a user other than root.