CVE-2014-0196

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
07/05/2014
Last modified:
12/04/2025

Description

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.31 (excluding) 3.2.59 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.3 (including) 3.4.91 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.5 (including) 3.10.40 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.11 (including) 3.12.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.13 (including) 3.14.4 (excluding)
cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc9:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools