Linux Kernel Race Condition Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM

5.5 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitation Likelihood

EPSS Prediction

63.84 %

Predictive Probability

Percentile Rank

98.4 th

Documented as more likely to be exploited than 98.4% of known CVEs.

Detection Date

May 12, 2023

Remediation Due

Jun 02, 2023

CISA Catalog Active

Threat Analysis

Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings.

Remediation Directive

The impacted product is end-of-life and should be disconnected if still in use.

Asset Context

Vendor Identity

Linux

Affected Product

Kernel

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-362

External Intelligence

https://lkml.iu.edu/hypermail/linux/kernel/1609.1/02103.html

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2014-0196