The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Published 2014-05-07 10:55:04
Updated 2024-02-09 19:24:11
Source Red Hat, Inc.
View at NVD,   CVE.org
Vulnerability category: Memory CorruptionDenial of service

CVE-2014-0196 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Linux Kernel Race Condition Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings.
Notes:
https://lkml.iu.edu/hypermail/linux/kernel/1609.1/02103.html
Added on 2023-05-12 Action due date 2023-06-02

Exploit prediction scoring system (EPSS) score for CVE-2014-0196

Probability of exploitation activity in the next 30 days: 1.91%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-0196

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
6.9
MEDIUM AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
NIST

CWE ids for CVE-2014-0196

References for CVE-2014-0196

Products affected by CVE-2014-0196

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!