** Description changed:

- The tty atomic_write_lock does not provide an exclusion guarantee for
- the tty driver if the termios settings are LECHO & !OPOST. And since it
- is unexpected and not allowed to call TTY buffer helpers like
- tty_insert_flip_string concurrently, this may lead to crashes when
- concurrect writers call pty_write. In that case the following two
+ The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel
+ through 3.14.3 does not properly manage tty driver access in the "LECHO
+ & !OPOST" case, which allows local users to cause a denial of service
+ (memory corruption and system crash) or gain privileges by triggering a
+ race condition involving read and write operations with long strings.

Break-Fix: d945cb9cce20ac7143c2de8d88b187f62db99bdc 4291086b1f081b869c6d79e5b7441633dc3ace00
--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314762

Title:
  CVE-2014-0196
