CVE-2014-0196: kernel memory corruption via a race in pty write handling

  • 7015061
  • 15-May-2014
  • 20-Jul-2014

Environment

SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)

Situation

This is a critical security issue reported as VUL-0: CVE-2014-0196. That is a race condition in pty (pseudo terminal) write buffer handling that can be used by local attackers to corrupt kernel memory and so cause a system crash or potentially code execution.

Resolution

The fixes for both issues are available and have been published. Update the kernel to the current version, or at least to 3.0.101-0.29.1 by using the usual update channels. 

Feedback service temporarily unavailable. For content questions or problems, please contact Support.