CVE DATABASE / CVE-2014-0196

CVE-2014-0196

Linux Kernel Race Condition Vulnerability

CVSS 5.5 · MEDIUM ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2023-05-12. Federal remediation due 2023-06-02.
Required action: The impacted product is end-of-life and should be disconnected if still in use.

Summary

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

CVSS 3.1 breakdown

Base score	5.5 (MEDIUM)
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity	NONE
Availability	HIGH

Weakness type (CWE)

CWE-362

Affected products

Linux linux kernelDebian debian linuxRedhat enterprise linuxRedhat enterprise linux eusRedhat enterprise linux server eusSuse suse linux enterprise desktopSuse suse linux enterprise high availability extensionSuse suse linux enterprise serverOracle linuxCanonical ubuntu linuxF5 big-ip access policy managerF5 big-ip advanced firewall managerF5 big-ip analyticsF5 big-ip application acceleration managerF5 big-ip application security managerF5 big-ip edge gatewayF5 big-ip global traffic managerF5 big-ip link controllerF5 big-ip local traffic managerF5 big-ip policy enforcement manager

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.