CVE-2014-0196: Linux Kernel Race Condition Vulnerability
First published: Thu May 01 2014(Updated: )
It is unexpected and not allowed to call TTY buffer helpers like tty_insert_flip_string concurrently. This may lead to crashes when ECHOing is enabled and concurrect writers call pty_write in the meantime. In that case the two writers: * the ECHOing from a workqueue and * pty_write from the process race and can overflow the corresponding TTY buffer. An unprivileged local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. References: <a href="http://seclists.org/oss-sec/2014/q2/243">http://seclists.org/oss-sec/2014/q2/243</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-358.6.1.el6 | 0:2.6.32-358.6.1.el6 |
| redhat/kernel | <0:2.6.32-220.51.1.el6 | 0:2.6.32-220.51.1.el6 |
| redhat/kernel | <0:2.6.32-279.43.2.el6 | 0:2.6.32-279.43.2.el6 |
| redhat/kernel | <0:3.10.0-123.1.2.el7 | 0:3.10.0-123.1.2.el7 |
| redhat/kernel-rt | <0:3.10.33-rt32.34.el6 | 0:3.10.33-rt32.34.el6 |
| Linux kernel | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Linux Kernel | <=3.14.3 | |
| Debian | =6.0 | |
| Debian | =7.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| redhat enterprise Linux eus | =6.3 | |
| redhat enterprise Linux eus | =6.4 | |
| redhat enterprise Linux server eus | =6.3 | |
| SUSE Linux Enterprise Desktop | =11-sp3 | |
| SUSE Linux Enterprise High Availability Extension | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| Oracle Linux | =6 | |
| Ubuntu | =10.04 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.10 | |
| Ubuntu | =14.04 | |
| F5 Access Policy Manager | >=11.1.0<=11.5.1 | |
| F5 BIG-IP Advanced Firewall Manager | >=11.3.0<=11.5.1 | |
| F5 BIG-IP Analytics | >=11.1.0<=11.5.1 | |
| f5 big-ip application acceleration manager | >=11.4.0<=11.5.1 | |
| F5 Application Security Manager | >=11.1.0<=11.5.1 | |
| F5 BIG-IP Edge Gateway | >=11.1.0<=11.3.0 | |
| F5 BIG-IP Global Traffic Manager | >=11.1.0<=11.5.1 | |
| F5 BIG-IP | >=11.1.0<=11.5.1 | |
| F5 BIG-IP Local Traffic Manager | >=11.1.0<=11.5.1 | |
| F5 BIG-IP Policy Enforcement Manager | >=11.3.0<=11.5.1 | |
| F5 BIG-IP Protocol Security Manager | >=11.1.0<=11.4.1 | |
| F5 BIG-IP WAN Optimization Manager | >=11.1.0<=11.3.0 | |
| F5 BIG-IP WebAccelerator | >=11.1.0<=11.3.0 | |
| F5 BIG-IQ Application Delivery Controller | =4.5.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | =4.6.0 | |
| F5 BIG-IQ Cloud and Orchestration | >=4.0.0<=4.5.0 | |
| F5 BIG-IQ Cloud and Orchestration | =1.0.0 | |
| F5 BIG-IQ Device | >=4.2.0<=4.5.0 | |
| F5 BIG-IQ Security | >=4.0.0<=4.5.0 | |
| F5 Enterprise Manager | >=3.1.0<=3.1.1 | |
| Linux Kernel | >2.6.31<3.2.59 | |
| Linux Kernel | >=3.3<3.4.91 | |
| Linux Kernel | >=3.5<3.10.40 | |
| Linux Kernel | >=3.11<3.12.20 | |
| Linux Kernel | >=3.13<3.14.4 | |
| Linux Kernel | =2.6.31 | |
| Linux Kernel | =2.6.31-rc3 | |
| Linux Kernel | =2.6.31-rc4 | |
| Linux Kernel | =2.6.31-rc5 | |
| Linux Kernel | =2.6.31-rc6 | |
| Linux Kernel | =2.6.31-rc7 | |
| Linux Kernel | =2.6.31-rc8 | |
| Linux Kernel | =2.6.31-rc9 | |
| F5 Enterprise Manager | =3.1.0 | |
| F5 Enterprise Manager | =3.1.1 |
Remedy
The impacted product is end-of-life and should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2014-0196 https://nvd.nist.gov/vuln/detail/CVE-2014-0196
- https://bugzilla.redhat.com/show_bug.cgi?id=1094232
- https://access.redhat.com/errata/RHSA-2013:0744
- https://access.redhat.com/errata/RHSA-2014:0520
- https://access.redhat.com/errata/RHSA-2014:0512
- https://access.redhat.com/errata/RHSA-2014:0678
- https://access.redhat.com/errata/RHSA-2014:0557
- https://access.redhat.com/security/cve/CVE-2014-0196
- http://pastebin.com/raw.php?i=yTSFUBgZ
- http://www.osvdb.org/106646
- http://www.exploit-db.com/exploits/33516
- http://secunia.com/advisories/59218
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59599
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://rhn.redhat.com/errata/RHSA-2014-0512.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://www.ubuntu.com/usn/USN-2196-1
- http://www.ubuntu.com/usn/USN-2197-1
- http://www.ubuntu.com/usn/USN-2198-1
- http://www.ubuntu.com/usn/USN-2199-1
- http://www.ubuntu.com/usn/USN-2200-1
- http://www.ubuntu.com/usn/USN-2201-1
- http://www.ubuntu.com/usn/USN-2202-1
- http://www.ubuntu.com/usn/USN-2203-1
- http://www.ubuntu.com/usn/USN-2204-1
- http://www.openwall.com/lists/oss-security/2014/05/05/6
- http://bugzilla.novell.com/show_bug.cgi?id=875690
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://source.android.com/security/bulletin/2016-07-01.html
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
- https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
- https://launchpad.net/bugs/cve/CVE-2014-0196
- http://seclists.org/oss-sec/2014/q2/243
- https://rhn.redhat.com/errata/RHSA-2013-0744.html
- https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=4291086b1f081b869c6d79e5b7441633dc3ace00
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094240
- http://bugfuzz.com/stuff/cve-2014-0196-md.c
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c8
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c12
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c16
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c56a00a165
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c17
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c23
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c25
- https://access.redhat.com/site/support/policy/updates/errata
- https://access.redhat.com/home
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c27
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c28
- https://access.redhat.com/site/support/contact/technicalSupport/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1094232#c33
- https://rhn.redhat.com/errata/RHSA-2014-0512.html
- https://rhn.redhat.com/errata/RHSA-2014-0520.html
- https://rhn.redhat.com/errata/RHSA-2014-0557.html
- https://rhn.redhat.com/errata/RHSA-2014-0678.html
- https://lkml.iu.edu/hypermail/linux/kernel/1609.1/02103.html;
- https://nvd.nist.gov/vuln/detail/CVE-2014-0196
- http://pastebin.com/yTSFUBgZ
- https://security-tracker.debian.org/tracker/CVE-2014-0196
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
- https://ubuntu.com/security/CVE-2014-0196
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2014-0196?
CVE-2014-0196 has been assigned a moderate severity rating due to its potential to cause crashes under specific conditions.
How do I fix CVE-2014-0196?
To fix CVE-2014-0196, update the kernel to versions 2.6.32-358.6.1.el6 or later, or to any fixed 3.x version as specified in vendor patches.
What platforms are affected by CVE-2014-0196?
CVE-2014-0196 affects various Linux kernel versions, particularly those from Red Hat, Debian, and Ubuntu distributions.
Can CVE-2014-0196 be exploited remotely?
CVE-2014-0196 may be exploited locally under certain conditions but is not considered to be directly exploitable remotely.
What symptoms might indicate an issue caused by CVE-2014-0196?
Symptoms of CVE-2014-0196 may include unexpected crashes or instability in systems utilizing concurrent writing to TTY devices.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0196
- agent/weakness
- agent/title
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/trending
- agent/source
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- package-manager/debian
- version/linux kernel/3.14.3
- vendor/debian
- canonical/debian
- version/debian/6.0
- version/debian/7.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.3
- version/redhat enterprise linux eus/6.4
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/6.3
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11-sp3
- canonical/suse linux enterprise high availability extension
- version/suse linux enterprise high availability extension/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/6
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.10
- version/ubuntu/14.04
- vendor/f5
- canonical/f5 access policy manager
- version/f5 access policy manager/11.1.0
- version/f5 access policy manager/11.5.1
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/11.3.0
- version/f5 big-ip advanced firewall manager/11.5.1
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/11.1.0
- version/f5 big-ip analytics/11.5.1
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/11.4.0
- version/f5 big-ip application acceleration manager/11.5.1
- canonical/f5 application security manager
- version/f5 application security manager/11.1.0
- version/f5 application security manager/11.5.1
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/11.1.0
- version/f5 big-ip edge gateway/11.3.0
- canonical/f5 big-ip global traffic manager
- version/f5 big-ip global traffic manager/11.1.0
- version/f5 big-ip global traffic manager/11.5.1
- canonical/f5 big-ip
- version/f5 big-ip/11.1.0
- version/f5 big-ip/11.5.1
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/11.1.0
- version/f5 big-ip local traffic manager/11.5.1
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/11.3.0
- version/f5 big-ip policy enforcement manager/11.5.1
- canonical/f5 big-ip protocol security manager
- version/f5 big-ip protocol security manager/11.1.0
- version/f5 big-ip protocol security manager/11.4.1
- canonical/f5 big-ip wan optimization manager
- version/f5 big-ip wan optimization manager/11.1.0
- version/f5 big-ip wan optimization manager/11.3.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/11.1.0
- version/f5 big-ip webaccelerator/11.3.0
- canonical/f5 big-iq application delivery controller
- version/f5 big-iq application delivery controller/4.5.0
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/4.6.0
- canonical/f5 big-iq cloud and orchestration
- version/f5 big-iq cloud and orchestration/4.0.0
- version/f5 big-iq cloud and orchestration/4.5.0
- version/f5 big-iq cloud and orchestration/1.0.0
- canonical/f5 big-iq device
- version/f5 big-iq device/4.2.0
- version/f5 big-iq device/4.5.0
- canonical/f5 big-iq security
- version/f5 big-iq security/4.0.0
- version/f5 big-iq security/4.5.0
- canonical/f5 enterprise manager
- version/f5 enterprise manager/3.1.0
- version/f5 enterprise manager/3.1.1
- version/linux kernel/3.3
- version/linux kernel/3.5
- version/linux kernel/3.11
- version/linux kernel/3.13
- version/linux kernel/2.6.31
- version/linux kernel/2.6.31-rc3
- version/linux kernel/2.6.31-rc4
- version/linux kernel/2.6.31-rc5
- version/linux kernel/2.6.31-rc6
- version/linux kernel/2.6.31-rc7
- version/linux kernel/2.6.31-rc8
- version/linux kernel/2.6.31-rc9