NVD Vulnerability Detail

CVE-2014-0196

Summary	The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
Summary	La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria y caída de sistema) o ganar privilegios mediante la provocación de una condición de carrera involucrando operaciones de lectura y escritura con cadenas largas.
Publication Date	May 7, 2014, 7:55 p.m.
Registration Date	Jan. 26, 2021, 3:04 p.m.
Last Update	April 22, 2026, 5:07 a.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	6.9
Vector	AV:L/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			2.6.31	3.2.59
cpe:2.3:o:linux:linux_kernel::::::::	3.3			3.4.91
cpe:2.3:o:linux:linux_kernel::::::::	3.5			3.10.40
cpe:2.3:o:linux:linux_kernel::::::::	3.11			3.12.20
cpe:2.3:o:linux:linux_kernel::::::::	3.13			3.14.4
cpe:2.3:o:linux:linux_kernel:2.6.31:-::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc4::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc5::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc6::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc7::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc8::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc9::::::
cpe:2.3:o:debian:debian_linux:6.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:::::::*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3::::-::*
cpe:2.3:o:suse:suse_linux_enterprise_high_availability_extension:11:sp3::::::
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::-::*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:oracle:linux:6:-::::::
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_analytics::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	11.4.0	11.5.1
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	11.1.0	11.3.0
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_link_controller::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_protocol_security_module::::::::	11.1.0	11.4.1
cpe:2.3:a:f5:big-ip_wan_optimization_manager::::::::	11.1.0	11.3.0
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	11.1.0	11.3.0
cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:::::::*
cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:::::::*
cpe:2.3:a:f5:big-iq_cloud::::::::	4.0.0	4.5.0
cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:::::::*
cpe:2.3:a:f5:big-iq_device::::::::	4.2.0	4.5.0
cpe:2.3:a:f5:big-iq_security::::::::	4.0.0	4.5.0
cpe:2.3:a:f5:enterprise_manager:3.1.0:::::::*
cpe:2.3:a:f5:enterprise_manager:3.1.1:::::::*

Related information, measures and tools

No	URL	refsource
1	http://bugzilla.novell.com/show_bug.cgi?id=875690	secalert@redhat.com
2	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00	secalert@redhat.com
3	http://linux.oracle.com/errata/ELSA-2014-0771.html	secalert@redhat.com
4	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html	secalert@redhat.com
5	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html	secalert@redhat.com
6	http://pastebin.com/raw.php?i=yTSFUBgZ	secalert@redhat.com
7	http://rhn.redhat.com/errata/RHSA-2014-0512.html	secalert@redhat.com
8	http://secunia.com/advisories/59218	secalert@redhat.com
9	http://secunia.com/advisories/59262	secalert@redhat.com
10	http://secunia.com/advisories/59599	secalert@redhat.com
11	http://source.android.com/security/bulletin/2016-07-01.html	secalert@redhat.com
12	http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html	secalert@redhat.com
13	http://www.debian.org/security/2014/dsa-2926	secalert@redhat.com
14	http://www.debian.org/security/2014/dsa-2928	secalert@redhat.com
15	http://www.exploit-db.com/exploits/33516	secalert@redhat.com
16	http://www.openwall.com/lists/oss-security/2014/05/05/6	secalert@redhat.com
17	http://www.osvdb.org/106646	secalert@redhat.com
18	http://www.ubuntu.com/usn/USN-2196-1	secalert@redhat.com
19	http://www.ubuntu.com/usn/USN-2197-1	secalert@redhat.com
20	http://www.ubuntu.com/usn/USN-2198-1	secalert@redhat.com
21	http://www.ubuntu.com/usn/USN-2199-1	secalert@redhat.com
22	http://www.ubuntu.com/usn/USN-2200-1	secalert@redhat.com
23	http://www.ubuntu.com/usn/USN-2201-1	secalert@redhat.com
24	http://www.ubuntu.com/usn/USN-2202-1	secalert@redhat.com
25	http://www.ubuntu.com/usn/USN-2203-1	secalert@redhat.com
26	http://www.ubuntu.com/usn/USN-2204-1	secalert@redhat.com
27	https://bugzilla.redhat.com/show_bug.cgi?id=1094232	secalert@redhat.com
28	https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00	secalert@redhat.com
29	http://bugzilla.novell.com/show_bug.cgi?id=875690	af854a3a-2127-422b-91ae-364da2661108
30	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00	af854a3a-2127-422b-91ae-364da2661108
31	http://linux.oracle.com/errata/ELSA-2014-0771.html	af854a3a-2127-422b-91ae-364da2661108
32	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html	af854a3a-2127-422b-91ae-364da2661108
33	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html	af854a3a-2127-422b-91ae-364da2661108
34	http://pastebin.com/raw.php?i=yTSFUBgZ	af854a3a-2127-422b-91ae-364da2661108
35	http://rhn.redhat.com/errata/RHSA-2014-0512.html	af854a3a-2127-422b-91ae-364da2661108
36	http://secunia.com/advisories/59218	af854a3a-2127-422b-91ae-364da2661108
37	http://secunia.com/advisories/59262	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/59599	af854a3a-2127-422b-91ae-364da2661108
39	http://source.android.com/security/bulletin/2016-07-01.html	af854a3a-2127-422b-91ae-364da2661108
40	http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html	af854a3a-2127-422b-91ae-364da2661108
41	http://www.debian.org/security/2014/dsa-2926	af854a3a-2127-422b-91ae-364da2661108
42	http://www.debian.org/security/2014/dsa-2928	af854a3a-2127-422b-91ae-364da2661108
43	http://www.exploit-db.com/exploits/33516	af854a3a-2127-422b-91ae-364da2661108
44	http://www.openwall.com/lists/oss-security/2014/05/05/6	af854a3a-2127-422b-91ae-364da2661108
45	http://www.osvdb.org/106646	af854a3a-2127-422b-91ae-364da2661108
46	http://www.ubuntu.com/usn/USN-2196-1	af854a3a-2127-422b-91ae-364da2661108
47	http://www.ubuntu.com/usn/USN-2197-1	af854a3a-2127-422b-91ae-364da2661108
48	http://www.ubuntu.com/usn/USN-2198-1	af854a3a-2127-422b-91ae-364da2661108
49	http://www.ubuntu.com/usn/USN-2199-1	af854a3a-2127-422b-91ae-364da2661108
50	http://www.ubuntu.com/usn/USN-2200-1	af854a3a-2127-422b-91ae-364da2661108
51	http://www.ubuntu.com/usn/USN-2201-1	af854a3a-2127-422b-91ae-364da2661108
52	http://www.ubuntu.com/usn/USN-2202-1	af854a3a-2127-422b-91ae-364da2661108
53	http://www.ubuntu.com/usn/USN-2203-1	af854a3a-2127-422b-91ae-364da2661108
54	http://www.ubuntu.com/usn/USN-2204-1	af854a3a-2127-422b-91ae-364da2661108
55	https://bugzilla.redhat.com/show_bug.cgi?id=1094232	af854a3a-2127-422b-91ae-364da2661108
56	https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00	af854a3a-2127-422b-91ae-364da2661108
57	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0196	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-362	競合状態	https://cwe.mitre.org/data/definitions/362.html

JVN Vulnerability Information

Linux Kernel の drivers/tty/n_tty.c の n_tty_write 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	Linux Kernel の drivers/tty/n_tty.c の n_tty_write 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	Linux Kernel の drivers/tty/n_tty.c の n_tty_write 関数は、"LECHO & !OPOST" の場合における tty ドライバアクセスを適切に管理しないため、サービス運用妨害 (メモリ破損およびシステムクラッシュ) 状態にされる、または権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、過度に長い文字列を伴う読み込みおよび書き込み操作を含む競合状態を誘発されることで、サービス運用妨害 (メモリ破損およびシステムクラッシュ) 状態にされる、または権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 4, 2014, midnight
Registration Date	May 8, 2014, 4:57 p.m.
Last Update	July 28, 2014, 5:17 p.m.

Affected System

Linux

Linux Kernel 3.14.3 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0196	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
National Vulnerability Database (NVD)
2	CVE-2014-0196	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0196

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-362	https://jvndb.jvn.jp/ja/cwe/CWE-362.html

ベンダー情報

No	Name	URL
Bugzilla
1	Bug 875690	https://bugzilla.novell.com/show_bug.cgi?id=875690
GitHub
2	n_tty: Fix n_tty_write crash when echoing in raw mode	https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
Linux Kernel
3	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
4	n_tty: Fix n_tty_write crash when echoing in raw mode	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4291086b1f081b869c6d79e5b7441633dc3ace00
Oracle
5	ELSA-2014-0771	http://linux.oracle.com/errata/ELSA-2014-0771.html
Red Hat Bugzilla
6	Bug 1094232	https://bugzilla.redhat.com/show_bug.cgi?id=1094232
Red Hat Security Advisory
7	RHSA-2014:0512	https://rhn.redhat.com/errata/RHSA-2014-0512.html

Change Log

No	Changed Details	Date of change
0	[2014年05月08日] 掲載 [2014年06月17日] ベンダ情報：レッドハット (RHSA-2014:0512) を追加 [2014年07月28日] ベンダ情報：オラクル (ELSA-2014-0771) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			2.6.31	3.2.59
cpe:2.3:o:linux:linux_kernel::::::::	3.3			3.4.91
cpe:2.3:o:linux:linux_kernel::::::::	3.5			3.10.40
cpe:2.3:o:linux:linux_kernel::::::::	3.11			3.12.20
cpe:2.3:o:linux:linux_kernel::::::::	3.13			3.14.4
cpe:2.3:o:linux:linux_kernel:2.6.31:-::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc4::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc5::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc6::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc7::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc8::::::
cpe:2.3:o:linux:linux_kernel:2.6.31:rc9::::::
cpe:2.3:o:debian:debian_linux:6.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:::::::*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3::::-::*
cpe:2.3:o:suse:suse_linux_enterprise_high_availability_extension:11:sp3::::::
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::-::*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:oracle:linux:6:-::::::
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_analytics::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	11.4.0	11.5.1
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	11.1.0	11.3.0
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_link_controller::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	11.1.0	11.5.1
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	11.3.0	11.5.1
cpe:2.3:a:f5:big-ip_protocol_security_module::::::::	11.1.0	11.4.1
cpe:2.3:a:f5:big-ip_wan_optimization_manager::::::::	11.1.0	11.3.0
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	11.1.0	11.3.0
cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:::::::*
cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:::::::*
cpe:2.3:a:f5:big-iq_cloud::::::::	4.0.0	4.5.0
cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:::::::*
cpe:2.3:a:f5:big-iq_device::::::::	4.2.0	4.5.0
cpe:2.3:a:f5:big-iq_security::::::::	4.0.0	4.5.0
cpe:2.3:a:f5:enterprise_manager:3.1.0:::::::*
cpe:2.3:a:f5:enterprise_manager:3.1.1:::::::*