CVE-2014-0196
high-risk
Published 2014-05-07
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Do I need to act?
!
48.6% chance of exploitation in next 30 days
EPSS score — higher than 51% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
References (57)
Issue Tracking
http://bugzilla.novell.com/show_bug.cgi?id=875690
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-0771.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0512.html
Not Applicable
http://secunia.com/advisories/59218
Broken Link
http://secunia.com/advisories/59262
Broken Link
http://secunia.com/advisories/59599
Not Applicable
http://source.android.com/security/bulletin/2016-07-01.html
Third Party Advisory
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
Third Party Advisory
http://www.debian.org/security/2014/dsa-2926
Third Party Advisory
http://www.debian.org/security/2014/dsa-2928
Broken Link
http://www.osvdb.org/106646
Third Party Advisory
http://www.ubuntu.com/usn/USN-2196-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2197-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2198-1
and 37 more references
68
/ 100
high-risk
Severity
18/34 · Moderate
Exploitability
25/34 · High
Exposure
25/34 · High