CVE-2014-0196
MEDIUM severity · CVSS 5.5 · CWE-362 · actively exploited (CISA KEV)
5.5CVSS MEDIUM ● exploited
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Added to KEV 2023-05-12. US federal agencies must patch by 2023-06-02.
Summary
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)50%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products we track (4)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://bugzilla.novell.com/show_bug.cgi?id=875690Advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00
- http://linux.oracle.com/errata/ELSA-2014-0771.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.htmlAdvisory
- http://rhn.redhat.com/errata/RHSA-2014-0512.htmlAdvisory
- http://secunia.com/advisories/59218
- http://pastebin.com/raw.php?i=yTSFUBgZAdvisory