Linux kernel vulnerability allows gaining local root
![](https://habrastorage.org/getpro/habr/post_images/b38/1d6/982/b381d69822b5170e81da901f38247f02.png)
The vulnerability allows a local user to elevate privileges to root.
Vulnerable kernel versions: from 2.6.31-rc3 to 3.15-rc5.
CVE-2014-0196
The problem was caused by an error in the n_tty_write function (drivers/tty/n_tty.c), which incorrectly handled access to a virtual terminal when the "LECHO & !OPOST" flags were in use, allowing a user to corrupt kernel memory.
In one out of four cases, running the exploit crashes the kernel.
The exploit works only on kernels >= v3.14-rc1, because that is where the following commit was added:
tty: Halve flip buffer GFP_ATOMIC memory consumption
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acc0f67f307f52f7aec1cffdc40a786c15dd21d9
on which the exploit relies.
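An added example (not part of the original post): a triage helper that sorts `uname -r` strings against the version bounds quoted above. The function names, the inclusive treatment of both bounds and the sample inventory are assumptions made for illustration.

```python
import re

# Version bounds as stated in the text above; treating both ends as
# inclusive is an assumption of this example.
FIRST_AFFECTED = "2.6.31-rc3"
LAST_AFFECTED = "3.15-rc5"
EXPLOIT_FLOOR = "3.14-rc1"  # first kernel with the flip-buffer commit acc0f67f307f

_RELEASE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*(?:-rc(\d+))?")


def kernel_key(release):
    """Map a `uname -r` style string to a sortable (major, minor, patch, rc) key."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch, rc = m.groups()
    # A final release sorts after all of its release candidates.
    rc_rank = int(rc) if rc is not None else float("inf")
    return (int(major), int(minor), int(patch or 0), rc_rank)


def classify(release):
    """Triage one host. "in-range" means "check the vendor changelog for the
    CVE-2014-0196 fix": stable and distribution kernels backport fixes
    without leaving the mainline version range."""
    key = kernel_key(release)
    if not kernel_key(FIRST_AFFECTED) <= key <= kernel_key(LAST_AFFECTED):
        return "outside-range"
    if key >= kernel_key(EXPLOIT_FLOOR):
        return "in-range+exploit-floor"
    return "in-range"


if __name__ == "__main__":
    # Constructed inventory (hostname, `uname -r` output), not real hosts.
    inventory = [
        ("web01", "2.6.32-431.el6.x86_64"),
        ("db02", "3.13.0-24-generic"),
        ("dev03", "3.14.1-1-ARCH"),
        ("lab04", "3.15.0"),
        ("old05", "2.6.18-398.el5"),
    ]
    for host, release in inventory:
        print("%-8s %-26s %s" % (host, release, classify(release)))
```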
Discussion on linux.org.ru: www.linux.org.ru/news/security/10479079
Article on ArsTechnica: arstechnica.com/security/2014/05/linux-gets-fix-for-code-execution-flaw-that-went-unpatched-since-2009
Bug Report: bugzilla.novell.com/show_bug.cgi?id=875690
CVE: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
POC-Discussion: www.openwall.com/lists/oss-security/2014/05/12/3