kernel: tty: fix out-of-bounds access in tty_driver_lookup_tty()

An out-of-bounds access was found in the TTY subsystem. When an invalid console device is specified on the kernel command line e.g., console=tty3270, the driver lookup returns a TTY struct with an invalid index, causing a crash during boot...

kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel. A local user could use this flaw to read numerical value from memory after free...

kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free

A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CAN-2004-0814: Linux terminal layer races

Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places. Firstly a user can cause crashes and other undefined behaviour by issuing a TIOCSETLD ioctl on a terminal...