CVE-2014-0196

MEDIUM KEV

Linux kernel <3.14.3 - DoS

Title source: llm

Description

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Exploits (4)

nomisec WORKING POC 3 stars

by tempbottle · local

https://github.com/tempbottle/CVE-2014-0196

View Code ZIP pw:eip

nomisec WORKING POC

by SunRain · dos

https://github.com/SunRain/CVE-2014-0196

View Code ZIP pw:eip

vulncheck_xdb

local

https://github.com/Al1ex/LinuxEelvation

View on vulncheck_xdb

exploitdb WORKING POC

by Matthew Daley · clocallinux_x86-64

https://www.exploit-db.com/exploits/33516

View Code ZIP pw:eip

References (29)

[Issue Tracking, Permissions Required, Third Party Advisory] http://bugzilla.novell.com/show_bug.cgi?id=875690

[Broken Link] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00

[Third Party Advisory] http://linux.oracle.com/errata/ELSA-2014-0771.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html

[Exploit, Mailing List, Third Party Advisory] http://pastebin.com/raw.php?i=yTSFUBgZ

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-0512.html

[Not Applicable] http://secunia.com/advisories/59218

[Broken Link] http://secunia.com/advisories/59262

[Broken Link] http://secunia.com/advisories/59599

[Not Applicable] http://source.android.com/security/bulletin/2016-07-01.html

[Third Party Advisory] http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2926

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2928

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/33516

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2014/05/05/6

[Broken Link] http://www.osvdb.org/106646

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2196-1

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2197-1

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2198-1

... and 9 more

Scores

CVSS v3 5.5

EPSS 0.6176

EPSS Percentile 98.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitation Intel

CISA KEV 2023-05-12

VulnCheck KEV 2023-05-12

InTheWild.io 2023-05-12

ENISA EUVD EUVD-2014-0247

Classification

CWE

CWE-362

Status draft

Affected Products (46)

linux/linux_kernel < 3.2.59

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

debian/debian_linux

debian/debian_linux

redhat/enterprise_linux

redhat/enterprise_linux_eus

redhat/enterprise_linux_eus

redhat/enterprise_linux_server_eus

... and 31 more

Timeline

Published May 07, 2014

KEV Added May 12, 2023

Tracked Since Feb 18, 2026