CVE-2014-0196

A new kernel bug has been discovered that allows local users to possibly corrupt memory causing a system crash or gain super user privileges by triggering a race condition with the tty driver involving read and write operations with long strings. Administrators of Linux are advised to upgrade any kernel from 2.6.31-rc3 to 3.14.3 as soon as possible.

Proof-of-concept code has already been made available here and here.

further reading

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196 http://arstechnica.com/security/2014/05/linux-gets-fix-for-code-execution-flaw-that-went-unpatched-since-2009/