First published: Thu May 01 2014(Updated: )
It is unexpected and not allowed to call TTY buffer helpers like tty_insert_flip_string concurrently. This may lead to crashes when ECHOing is enabled and concurrect writers call pty_write in the meantime. In that case the two writers: * the ECHOing from a workqueue and * pty_write from the process race and can overflow the corresponding TTY buffer. An unprivileged local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. References: <a href="http://seclists.org/oss-sec/2014/q2/243">http://seclists.org/oss-sec/2014/q2/243</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.32-358.6.1.el6 | 0:2.6.32-358.6.1.el6 |
redhat/kernel | <0:2.6.32-220.51.1.el6 | 0:2.6.32-220.51.1.el6 |
redhat/kernel | <0:2.6.32-279.43.2.el6 | 0:2.6.32-279.43.2.el6 |
redhat/kernel | <0:3.10.0-123.1.2.el7 | 0:3.10.0-123.1.2.el7 |
redhat/kernel-rt | <0:3.10.33-rt32.34.el6 | 0:3.10.33-rt32.34.el6 |
Linux Linux kernel | <=3.14.3 | |
Debian Debian Linux | =6.0 | |
Debian Debian Linux | =7.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux Eus | =6.3 | |
Redhat Enterprise Linux Eus | =6.4 | |
Redhat Enterprise Linux Server Eus | =6.3 | |
SUSE SUSE Linux Enterprise Desktop | =11-sp3 | |
Suse Suse Linux Enterprise High Availability Extension | =11-sp3 | |
SUSE SUSE Linux Enterprise Server | =11-sp3 | |
Suse Suse Linux Enterprise Server Vmware | =11-sp3 | |
Oracle Linux | =6 | |
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
Canonical Ubuntu Linux | =13.10 | |
Canonical Ubuntu Linux | =14.04 | |
F5 BIG-IP Access Policy Manager | >=11.1.0<=11.5.1 | |
F5 BIG-IP Advanced Firewall Manager | >=11.3.0<=11.5.1 | |
F5 BIG-IP Analytics | >=11.1.0<=11.5.1 | |
F5 Big-ip Application Acceleration Manager | >=11.4.0<=11.5.1 | |
F5 BIG-IP Application Security Manager | >=11.1.0<=11.5.1 | |
F5 Big-ip Edge Gateway | >=11.1.0<=11.3.0 | |
F5 Big-ip Global Traffic Manager | >=11.1.0<=11.5.1 | |
F5 Big-ip Link Controller | >=11.1.0<=11.5.1 | |
F5 Big-ip Local Traffic Manager | >=11.1.0<=11.5.1 | |
F5 Big-ip Policy Enforcement Manager | >=11.3.0<=11.5.1 | |
F5 Big-ip Protocol Security Module | >=11.1.0<=11.4.1 | |
F5 Big-ip Wan Optimization Manager | >=11.1.0<=11.3.0 | |
F5 Big-ip Webaccelerator | >=11.1.0<=11.3.0 | |
F5 Big-iq Application Delivery Controller | =4.5.0 | |
F5 BIG-IQ Centralized Management | =4.6.0 | |
F5 BIG-IQ Cloud | >=4.0.0<=4.5.0 | |
F5 Big-iq Cloud And Orchestration | =1.0.0 | |
F5 Big-iq Device | >=4.2.0<=4.5.0 | |
F5 Big-iq Security | >=4.0.0<=4.5.0 | |
F5 Enterprise Manager | >=3.1.0<=3.1.1 | |
Linux Linux kernel | >2.6.31<3.2.59 | |
Linux Linux kernel | >=3.3<3.4.91 | |
Linux Linux kernel | >=3.5<3.10.40 | |
Linux Linux kernel | >=3.11<3.12.20 | |
Linux Linux kernel | >=3.13<3.14.4 | |
Linux Linux kernel | =2.6.31 | |
Linux Linux kernel | =2.6.31-rc3 | |
Linux Linux kernel | =2.6.31-rc4 | |
Linux Linux kernel | =2.6.31-rc5 | |
Linux Linux kernel | =2.6.31-rc6 | |
Linux Linux kernel | =2.6.31-rc7 | |
Linux Linux kernel | =2.6.31-rc8 | |
Linux Linux kernel | =2.6.31-rc9 | |
Linux kernel | ||
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 |
The impacted product is end-of-life and should be disconnected if still in use.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)