CVE-2004-0814

Linux 2.4.x-2.6.8 - Info Disclosure

Title source: llm

Description

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.

References (11)

[Issue Tracking] http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672

[Issue Tracking] http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110

[Mailing List] http://marc.info/?l=bugtraq&m=110306397320336&w=2

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:022

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-293.html

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/11491

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/11492

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/379005

[Issue Tracking] https://bugzilla.fedora.us/show_bug.cgi?id=2336

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17816

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10728

Scores

EPSS 0.0024

EPSS Percentile 46.6%

Classification

Status draft

Affected Products (50)

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

... and 35 more

Timeline

Published Dec 23, 2004

Tracked Since Feb 18, 2026