CVE-2014-0196
MEDIUMCVSS 5.5/10Actively ExploitedEPSS 22.48%
Last modified
CVE-2014-0196 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.. CISA has confirmed active exploitation in the wild. EPSS estimates a 22.48% chance of exploitation in the next 30 days.
Description
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | > 2.6.31, < 3.2.59 | — |
| Linux | Linux Kernel | >= 3.3, < 3.4.91 | — |
| Linux | Linux Kernel | >= 3.5, < 3.10.40 | — |
| Linux | Linux Kernel | >= 3.11, < 3.12.20 | — |
| Linux | Linux Kernel | >= 3.13, < 3.14.4 | — |
| Linux | Linux Kernel | 2.6.31 | — |
| Debian | Debian Linux | 6.0 | — |
| Debian | Debian Linux | 7.0 | — |
| Redhat | Enterprise Linux | 6.0 | — |
| Redhat | Enterprise Linux Eus | 6.3 | — |
| Redhat | Enterprise Linux Eus | 6.4 | — |
| Redhat | Enterprise Linux Server Eus | 6.3 | — |
| Suse | Suse Linux Enterprise Desktop | 11 | Sp3 |
| Suse | Suse Linux Enterprise High Availability Extension | 11 | Sp3 |
| Suse | Suse Linux Enterprise Server | 11 | Sp3 |
| Oracle | Linux | 6 | — |
| Canonical | Ubuntu Linux | 10.04 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 12.10 | — |
| Canonical | Ubuntu Linux | 13.10 | — |
| Canonical | Ubuntu Linux | 14.04 | — |
| F5 | Big-Ip Access Policy Manager | >= 11.1.0, <= 11.5.1 | — |
| F5 | Big-Ip Advanced Firewall Manager | >= 11.3.0, <= 11.5.1 | — |
| F5 | Big-Ip Analytics | >= 11.1.0, <= 11.5.1 | — |
| F5 | Big-Ip Application Acceleration Manager | >= 11.4.0, <= 11.5.1 | — |
| F5 | Big-Ip Application Security Manager | >= 11.1.0, <= 11.5.1 | — |
| F5 | Big-Ip Edge Gateway | >= 11.1.0, <= 11.3.0 | — |
| F5 | Big-Ip Global Traffic Manager | >= 11.1.0, <= 11.5.1 | — |
| F5 | Big-Ip Link Controller | >= 11.1.0, <= 11.5.1 | — |
| F5 | Big-Ip Local Traffic Manager | >= 11.1.0, <= 11.5.1 | — |
| F5 | Big-Ip Policy Enforcement Manager | >= 11.3.0, <= 11.5.1 | — |
| F5 | Big-Ip Protocol Security Module | >= 11.1.0, <= 11.4.1 | — |
| F5 | Big-Ip Wan Optimization Manager | >= 11.1.0, <= 11.3.0 | — |
| F5 | Big-Ip Webaccelerator | >= 11.1.0, <= 11.3.0 | — |
| F5 | Big-Iq Application Delivery Controller | 4.5.0 | — |
| F5 | Big-Iq Centralized Management | 4.6.0 | — |
| F5 | Big-Iq Cloud | >= 4.0.0, <= 4.5.0 | — |
| F5 | Big-Iq Cloud And Orchestration | 1.0.0 | — |
| F5 | Big-Iq Device | >= 4.2.0, <= 4.5.0 | — |
| F5 | Big-Iq Security | >= 4.0.0, <= 4.5.0 | — |
| F5 | Enterprise Manager | 3.1.0 | — |
| F5 | Enterprise Manager | 3.1.1 | — |
References
- http://bugzilla.novell.com/show_bug.cgi?id=875690Issue Tracking, Permissions Required, Third Party Advisory
- http://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.htmlMailing List, Third Party Advisory
- http://pastebin.com/raw.php?i=yTSFUBgZExploit, Mailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0512.htmlThird Party Advisory
- http://secunia.com/advisories/59218Not Applicable
- http://secunia.com/advisories/59262Broken Link
- http://secunia.com/advisories/59599Broken Link
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.htmlThird Party Advisory
- http://www.debian.org/security/2014/dsa-2926Third Party Advisory
- http://www.debian.org/security/2014/dsa-2928Third Party Advisory
- http://www.exploit-db.com/exploits/33516Exploit, Third Party Advisory, VDB Entry
- http://www.openwall.com/lists/oss-security/2014/05/05/6Mailing List, Third Party Advisory
- http://www.osvdb.org/106646Broken Link
- http://www.ubuntu.com/usn/USN-2196-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2197-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2198-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2199-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2200-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2201-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2202-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2203-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2204-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1094232Issue Tracking, Patch, Third Party Advisory
- https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00Exploit, Patch, Third Party Advisory
- http://bugzilla.novell.com/show_bug.cgi?id=875690Issue Tracking, Permissions Required, Third Party Advisory
- http://linux.oracle.com/errata/ELSA-2014-0771.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.htmlMailing List, Third Party Advisory
- http://pastebin.com/raw.php?i=yTSFUBgZExploit, Mailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0512.htmlThird Party Advisory
- http://secunia.com/advisories/59218Not Applicable
- http://secunia.com/advisories/59262Broken Link
- http://secunia.com/advisories/59599Broken Link
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.htmlThird Party Advisory
- http://www.debian.org/security/2014/dsa-2926Third Party Advisory
- http://www.debian.org/security/2014/dsa-2928Third Party Advisory
- http://www.exploit-db.com/exploits/33516Exploit, Third Party Advisory, VDB Entry
- http://www.openwall.com/lists/oss-security/2014/05/05/6Mailing List, Third Party Advisory
- http://www.osvdb.org/106646Broken Link
- http://www.ubuntu.com/usn/USN-2196-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2197-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2198-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2199-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2200-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2201-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2202-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2203-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2204-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1094232Issue Tracking, Patch, Third Party Advisory
- https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00Exploit, Patch, Third Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0196US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2014-0196?
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
How severe is CVE-2014-0196?
CVE-2014-0196 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 22.48% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.
How do I fix CVE-2014-0196?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2014-0196?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST