CVE 2014-0196: Linux Kernel Memory Corruption Vulnerability

On April 29, a SUSE customer submitted a kernel crash that turned out to be caused by a race condition in the PTY write buffer handling. The flaw is exploitable by local users only and could let them cause memory corruption and a system crash, or potentially gain escalated privileges on the affected system. The Linux community has since confirmed that the vulnerability is present in kernels 2.6.31-rc3 through 3.14.3. Many of the prominent Linux vendors have also confirmed the vulnerability and published lists of the kernels on their platforms that are vulnerable.

Red Hat
RHEL 5: No versions are vulnerable
RHEL 6: No versions are vulnerable
* This does affect certain specialty versions of RHEL 6 (RHEL 6.2 AUS, RHEL 6.3 EUS, and Red Hat Enterprise MRG 2), but not the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 6.

Debian
Debian 6: up to and including 2.6.32-5
Debian 7: Linux-image versions below 3.2.57-3+deb7u1

Ubuntu
10.04: Linux-image versions below 2.6.32-58.121
12.04: Linux-image versions below 3.2.0-61.93
12.10: Linux-image versions below 3.5.0-49.74
13.04: Unknown
13.10: Linux-image versions below 3.11.0-20.35
14.04: Linux-image versions below 3.13.0-24.47

SUSE
Unconfirmed other than to say 2.6.31-rc3 through 3.14.3
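
As an added example (not Tanium's sensor code and not part of the original page), the following Python check compares a host's kernel package version against the vendor lists above. The function names, result strings and sample inventory rows are assumptions made for illustration, and the version comparison is a simplified numeric ordering rather than dpkg's full algorithm.

```python
import re

# First linux-image version NOT listed as vulnerable, per the lists above.
FIXED_IN = {
    ("debian", "7"): "3.2.57-3+deb7u1",
    ("ubuntu", "10.04"): "2.6.32-58.121",
    ("ubuntu", "12.04"): "3.2.0-61.93",
    ("ubuntu", "12.10"): "3.5.0-49.74",
    ("ubuntu", "13.10"): "3.11.0-20.35",
    ("ubuntu", "14.04"): "3.13.0-24.47",
}
# Standard kernel packages only; the RHEL 6.2 AUS / 6.3 EUS / MRG2 caveat still applies.
NOT_AFFECTED = {("rhel", "5"), ("rhel", "6")}
FINAL = float("inf")  # a final release sorts after all of its -rc builds


def version_key(version):
    """Numeric fields of a package version (simplified, not full dpkg ordering)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def in_upstream_range(kernel):
    """True if an upstream version lies within 2.6.31-rc3 .. 3.14.3."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", kernel)
    if not m:
        return False
    major, minor, patch, rc = m.groups()
    key = (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)
    return (2, 6, 31, 3) <= key <= (3, 14, 3, FINAL)


def classify(distro, release, version):
    """Return 'not affected', 'vulnerable', 'fixed', 'in range' or 'out of range'."""
    key = (distro.lower(), release)
    if key in NOT_AFFECTED:
        return "not affected"
    if key in FIXED_IN:
        below = version_key(version) < version_key(FIXED_IN[key])
        return "vulnerable" if below else "fixed"
    # No fixed version on the page (SUSE, Ubuntu 13.04, Debian 6): fall back to
    # the upstream range, which cannot see vendor backports.
    return "in range" if in_upstream_range(version) else "out of range"


if __name__ == "__main__":
    # Constructed sample inventory rows: (distro, release, kernel version).
    for row in [("ubuntu", "14.04", "3.13.0-24.46"), ("debian", "7", "3.2.57-3+deb7u1"),
                ("suse", "11", "3.0.101"), ("rhel", "6", "2.6.32-431")]:
        print(row, "->", classify(*row))
```

An "in range" result only means the upstream version falls inside the affected window; confirm against the vendor's own advisory, since distribution kernels often carry backported fixes.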

In order to assist our customers in evaluating any potential impact this CVE might have on their environments, the following sensors have been created and posted to our community website:

CVE 2014-0196 and Linux Kernel Version

Once these sensors have been added, a suggested query would be:

Get Computer Name and Linux Kernel Version and CVE 2014-0196 from all machines

or

Get Computer Name and Linux Kernel Version and CVE 2014-0196 from machines where Is Linux contains True

This sensor will be updated as vendors provide more details.

If the results do not match your expectation, please contact your TAM or send a note to support@tanium.com.
