The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since May 12, 2023.

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
F5
  • Big-ip Access Policy Manager
  • Big-ip Advanced Firewall Manager
  • Big-ip Analytics
  • Big-ip Application Acceleration Manager
  • Big-ip Application Security Manager
  • Big-ip Edge Gateway
  • Big-ip Global Traffic Manager
  • Big-ip Link Controller
  • Big-ip Local Traffic Manager
  • Big-ip Policy Enforcement Manager
  • Big-ip Protocol Security Module
  • Big-ip Wan Optimization Manager
  • Big-ip Webaccelerator
  • Big-iq Application Delivery Controller
  • Big-iq Centralized Management
  • Big-iq Cloud
  • Big-iq Cloud And Orchestration
  • Big-iq Device
  • Big-iq Security
  • Enterprise Manager
Linux
  • Linux Kernel
Oracle
  • Linux
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux Server Eus
  • Enterprise Mrg
  • Rhel Eus
  • Rhel Mission Critical
Suse
  • Suse Linux Enterprise Desktop
  • Suse Linux Enterprise High Availability Extension
  • Suse Linux Enterprise Server

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.31:rc9:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:-:*:*
cpe:2.3:o:suse:suse_linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

Configuration 5 [-]

cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:enterprise_manager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-358.6.1.el6 cpe:/o:redhat:enterprise_linux:6 RHSA-2013:0744 2013-04-23T00:00:00Z
Red Hat Enterprise Linux 6.2 Advanced Update Support
kernel-0:2.6.32-220.51.1.el6 cpe:/o:redhat:rhel_mission_critical:6.2 RHSA-2014:0520 2014-05-20T00:00:00Z
Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only
kernel-0:2.6.32-279.43.2.el6 cpe:/o:redhat:rhel_eus:6.3 RHSA-2014:0512 2014-05-19T00:00:00Z
Red Hat Enterprise Linux 7
kernel-0:3.10.0-123.1.2.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2014:0678 2014-06-10T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-0:3.10.33-rt32.34.el6rt cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2014:0557 2014-05-27T00:00:00Z
References
Link Providers
http://bugzilla.novell.com/show_bug.cgi?id=875690 cve-icon cve-icon
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 cve-icon cve-icon
http://linux.oracle.com/errata/ELSA-2014-0771.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html cve-icon cve-icon
http://pastebin.com/raw.php?i=yTSFUBgZ cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0512.html cve-icon cve-icon
http://secunia.com/advisories/59218 cve-icon cve-icon
http://secunia.com/advisories/59262 cve-icon cve-icon
http://secunia.com/advisories/59599 cve-icon cve-icon
http://source.android.com/security/bulletin/2016-07-01.html cve-icon cve-icon
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html cve-icon cve-icon
http://www.debian.org/security/2014/dsa-2926 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-2928 cve-icon cve-icon
http://www.exploit-db.com/exploits/33516 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2014/05/05/6 cve-icon cve-icon
http://www.osvdb.org/106646 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2196-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2197-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2198-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2199-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2200-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2201-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2202-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2203-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2204-1 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1094232 cve-icon cve-icon
https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-0196 cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-0196 cve-icon
History

Fri, 07 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

kev

{'dateAdded': '2023-05-12'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Dec 2024 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:enterprise_manager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*

Tue, 13 Aug 2024 23:45:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-02-07T13:36:58.638Z

Reserved: 2013-12-03T00:00:00.000Z

Link: CVE-2014-0196

cve-icon Vulnrichment

Updated: 2024-08-06T09:05:39.223Z

cve-icon NVD

Status : Analyzed

Published: 2014-05-07T10:55:04.337

Modified: 2025-04-03T18:06:51.760

Link: CVE-2014-0196

cve-icon Redhat

Severity : Important

Publid Date: 2014-05-01T00:00:00Z

Links: CVE-2014-0196 - Bugzilla