← back
CVE-2014-0196

CVE-2014-0196

CVSS 5.5 MEDIUMEPSS 22.5%● KEVCWE-362
In short

A flaw in the Linux kernel's terminal driver allows a local user to crash the system or gain elevated privileges by exploiting a race condition when reading and writing long strings to the terminal. This happens because the driver doesn't properly protect access during specific terminal settings.

Technical detail

CVE-2014-0196 is a race condition in the n_tty_write function (drivers/tty/n_tty.c) affecting Linux kernel versions through 3.14.3. The vulnerability occurs when LECHO is set and OPOST is disabled, allowing local attackers to trigger memory corruption via concurrent read/write operations with long strings, potentially leading to DoS or privilege escalation.

Summary generated and translated by AI from the official description.
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/a
public PoCs found4
githubgithub.com/tempbottle/CVE-2014-01963githubgithub.com/SunRain/CVE-2014-01960cve_referencewww.exploit-db.com/exploits/33516unverifiedexploitdbwww.exploit-db.com/exploits/33516unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugzilla.novell.com/show_bug.cgi?id=875690http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00http://linux.oracle.com/errata/ELSA-2014-0771.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.htmlhttp://pastebin.com/raw.php?i=yTSFUBgZhttp://rhn.redhat.com/errata/RHSA-2014-0512.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1094232http://secunia.com/advisories/59218http://secunia.com/advisories/59262http://secunia.com/advisories/59599https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00