diff --git a/pkgs/os-specific/linux/kernel/cve-2014-0196.patch b/pkgs/os-specific/linux/kernel/cve-2014-0196.patch
new file mode 100644
index 000000000000..5234bab22075
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/cve-2014-0196.patch
@@ -0,0 +1,22 @@
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=4291086b1f081b869c6d79e5b7441633dc3ace00
+
+diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
+index 41fe8a0..fe9d129 100644
+--- a/drivers/tty/n_tty.c
++++ b/drivers/tty/n_tty.c
+@@ -2353,8 +2353,12 @@ static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
+ 			if (tty->ops->flush_chars)
+ 				tty->ops->flush_chars(tty);
+ 		} else {
++			struct n_tty_data *ldata = tty->disc_data;
++
+ 			while (nr > 0) {
++				mutex_lock(&ldata->output_lock);
+ 				c = tty->ops->write(tty, b, nr);
++				mutex_unlock(&ldata->output_lock);
+ 				if (c < 0) {
+ 					retval = c;
+ 					goto break_out;
+-- 
+cgit v0.10.1
+
diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix
index 79fead697b5c..9c10d40fd3ee 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix
@@ -9,6 +9,8 @@ import ./generic.nix (args // rec {
     sha256 = "1f59lyyyc4anaj50dzb9448gz6n9fdrcy2mvd7f193pp6018gdp6";
   };
 
+  kernelPatches = args.kernelPatches ++ [ { name = "cve-2014-0196"; patch = ./cve-2014-0196.patch; } ];
+
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;