CVE-2014-0196

CVE Database · CVE-2014-0196

CVE-2014-0196

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

22.48%

Published

May 7, 2014

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2023-05-12 · Due: 2023-06-02

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (4)

All weaponized →

Exploit-DBLinux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation TrickestTrickest PoC index GitHub PoCtempbottle/CVE-2014-0196★3 GitHub PoCSunRain/CVE-2014-0196★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-362CWE-362

Affected Products (50)

linux · linux_kernel (up to 3.2.59)vulnerable

linux · linux_kernel (up to 3.4.91)vulnerable

linux · linux_kernel (up to 3.10.40)vulnerable

linux · linux_kernel (up to 3.12.20)vulnerable

linux · linux_kernel (up to 3.14.4)vulnerable

linux · linux_kernelvulnerable

References (20)

http://bugzilla.novell.com/show_bug.cgi?id=875690

Issue TrackingPermissions RequiredThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00

Broken Link

http://linux.oracle.com/errata/ELSA-2014-0771.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html

Mailing ListThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs

linux · linux_kernel

linux · linux_kernelvulnerable

debian · debian_linuxvulnerable

redhat · enterprise_linuxvulnerable

redhat · enterprise_linux_eusvulnerable

redhat · enterprise_linux_server_eusvulnerable

suse · suse_linux_enterprise_desktopvulnerable

suse · suse_linux_enterprise_high_availability_extensionvulnerable

suse · suse_linux_enterprise_servervulnerable

oracle · linuxvulnerable

canonical · ubuntu_linuxvulnerable

f5 · big-ip_access_policy_managervulnerable

f5 · big-ip_advanced_firewall_managervulnerable

f5 · big-ip_analyticsvulnerable

f5 · big-ip_application_acceleration_managervulnerable

f5 · big-ip_application_security_managervulnerable

f5 · big-ip_edge_gatewayvulnerable

f5 · big-ip_global_traffic_managervulnerable

f5 · big-ip_link_controllervulnerable

f5 · big-ip_local_traffic_managervulnerable

f5 · big-ip_policy_enforcement_managervulnerable

f5 · big-ip_protocol_security_modulevulnerable

f5 · big-ip_wan_optimization_managervulnerable

f5 · big-ip_webacceleratorvulnerable

f5 · big-iq_application_delivery_controllervulnerable

f5 · big-iq_centralized_managementvulnerable

f5 · big-iq_cloudvulnerable

f5 · big-iq_cloud_and_orchestrationvulnerable

f5 · big-iq_devicevulnerable

f5 · big-iq_securityvulnerable

f5 · enterprise_managervulnerable

http://pastebin.com/raw.php?i=yTSFUBgZ

ExploitMailing ListThird Party Advisory

http://www.exploit-db.com/exploits/33516

ExploitThird Party AdvisoryVDB Entry