Linux 2.6.31 Local Code Execution Vulnerability (CVE-2014-0196)

Source: Internet
Author: User
Tags vps arch linux

Linux 2.6.31 Local Code Execution Vulnerability (CVE-2014-0196)

To put it simply, this is a local code execution vulnerability that has existed since Linux 2.6.31-rc3 for five years. As a result, attackers will obtain the root shell and it will not be fixed until May 3 this year.

A race condition in the pty (pseudo terminal) layer (writer buffer handling), which could be used by attackers to corrupt kernel memory and cause denial of service (system crash) or privilege escalation.

For detailed Problem description, see SUSE Bugzillaticket, which contains two PoC Attack codes.

The vulnerability was detected and fixed by SUSE's jsiri Slaby. See patch for three lines of code:-D.

Gossip about the jsiri people. The first time he noticed that he was the main developer when SUSE announced the kGraftLive Kernel Patch project. According to the 30-bit kernel developer Series introduced in the last 30 weeks, he is a senior Linux kernel developer who is good at Serial and TTY layers and is a code scavenger, the problems found in drivers/tty/n_tty.c are also logical.

To put it bluntly, the biggest impact of this vulnerability is the sharing of web hosts. if the service provider does not promptly patch the kernel, attackers will exploit the vulnerability to obtain a local root shell.

Out of curiosity, I tested it with the second PoC attack code. The results are as follows:

  • Arch Linux3.14.3-1-ARCH is affected, and the root shell will be obtained soon
  • Ubuntu Server 14.04 LTS system is set to automatic upgrade, invalid
  • The latest version of Debian 7.5 is invalid.
  • CentOS 6.5 seems to have exited with an error.

The test results on Arch Linux are shown in the figure. Note that this test is performed on a virtual machine. If you do not use your laptop, you are afraid of oops or panic system crash.-D

I checked and found that:

  • The Security Update of Ubuntu 14.04 LTS was fixed in May 5, and the response speed was very fast.
  • Debian stable (wheezy) has also upgraded the kernel to 3.2.57-3 + deb7u1 in May 12 security updates.
  • Arch is also fixed after being updated to 3.14.3-2-ARCH, based on CVE-2014linux response time for 7 days linux-grsec response time less than 1 day
  • OpenSUSE 13.1 seems to have been fixed in May 5.
  • RHEL/CentOS 5.x is said to be unaffected, just like OpenSSL heartbleed.

The response speed of internal nuclear security vulnerabilities is one of the important reasons for determining the release selection. For more information, see.

Ksplice in May 7 and 8, respectively in the background automatically to run Ubuntu 14.04 and Ubuntu 12.04 kernel with a CVE-2014-0196 patch, direct immunity (in fact, a person with no problem ). The latter is that Digital Ocean kvm vps has been running for 290 days, ready to upgrade to the next LTS for one year ;-) the free use of Ksplice is the reason why VPS chose Ubuntu Server instead of the Debian stable version.

Finally, Ksplice is not advertised. At present, the conflict between kGraft and kpatch is still unknown. It is the only choice. We hope that we can see it soon. It is best for the two to cooperate in mainline.


  • Http://
  • Http://
  • CVE-2014-0196-ArchWiki

This article permanently updates the link address:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.