CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case…

medium5.5CVSS 3.1

AVLACLPRLUINSUCNINAH

KEVITWEXPLOIT

CISA Known Exploited Vulnerabilitydue 2023-06-02

Exploited in the wild

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Affected

47 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	linux	< linux 3.14.4-1 (bookworm)	linux 3.14.4-1 (bookworm)
f5	big-ip_access_policy_manager	11.1.0 – 11.5.1	—
f5	big-ip_advanced_firewall_manager	11.3.0 – 11.5.1	—
f5	big-ip_analytics	11.1.0 – 11.5.1	—
f5	big-ip_application_acceleration_manager	11.4.0 – 11.5.1	—
f5	big-ip_application_security_manager	11.1.0 – 11.5.1	—
f5	big-ip_edge_gateway	11.1.0 – 11.3.0	—
f5	big-ip_global_traffic_manager	11.1.0 – 11.5.1	—
f5	big-ip_link_controller	11.1.0 – 11.5.1	—
f5	big-ip_local_traffic_manager	11.1.0 – 11.5.1	—
f5	big-ip_policy_enforcement_manager	11.3.0 – 11.5.1	—
f5	big-ip_protocol_security_module	11.1.0 – 11.4.1	—
f5	big-ip_wan_optimization_manager	11.1.0 – 11.3.0	—
f5	big-ip_webaccelerator	11.1.0 – 11.3.0	—
f5	big-iq_application_delivery_controller	—	—
f5	big-iq_centralized_management	—	—
f5	big-iq_cloud	4.0.0 – 4.5.0	—
f5	big-iq_cloud_and_orchestration	—	—

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

osv5.5MEDIUM

vulncheck5.5MEDIUM

cisa5.5MEDIUM