#VU41718 Race condition in Linux kernel - CVE-2014-0196


| Updated: 2023-05-12

Vulnerability identifier: #VU41718

Vulnerability risk: High

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2014-0196

CWE-ID: CWE-362

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 3.0 - 3.0.68, 3.1 - 3.14.2, 3.2 - 3.2.30, 3.3 - 3.3.8, 3.4 - 3.4.79, 3.5.1 - 3.5.7, 3.6 - 3.6.11, 3.7 - 3.7.10, 3.8.0 - 3.8.13, 3.9 - 3.9.11

External links
https://bugzilla.novell.com/show_bug.cgi?id=875690
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4291086b1f081b869c6d79e5b7441633dc3ace00
https://linux.oracle.com/errata/ELSA-2014-0771.html
https://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
https://pastebin.com/raw.php?i=yTSFUBgZ
https://rhn.redhat.com/errata/RHSA-2014-0512.html
https://secunia.com/advisories/59218
https://secunia.com/advisories/59262
https://secunia.com/advisories/59599
https://source.android.com/security/bulletin/2016-07-01.html
https://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
https://www.debian.org/security/2014/dsa-2926
https://www.debian.org/security/2014/dsa-2928
https://www.exploit-db.com/exploits/33516
https://www.openwall.com/lists/oss-security/2014/05/05/6
https://www.osvdb.org/106646
https://www.ubuntu.com/usn/USN-2196-1
https://www.ubuntu.com/usn/USN-2197-1
https://www.ubuntu.com/usn/USN-2198-1
https://www.ubuntu.com/usn/USN-2199-1
https://www.ubuntu.com/usn/USN-2200-1
https://www.ubuntu.com/usn/USN-2201-1
https://www.ubuntu.com/usn/USN-2202-1
https://www.ubuntu.com/usn/USN-2203-1
https://www.ubuntu.com/usn/USN-2204-1
https://bugzilla.redhat.com/show_bug.cgi?id=1094232
https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


SUSE Linux update for Linux Kernel
Amazon Linux AMI update for kernel
Race condition in Linux kernel