QwikSec

Security Database

CVE

CWE

Training

CVE-2019-18683

Published: Nov 4, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openwall.com/lists/oss-security/2019/11/02/1

x_refsource_MISC

https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/

x_refsource_MISC

[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20191205-0001/

x_refsource_CONFIRM

openSUSE-SU-2019:2675

vendor-advisory

x_refsource_SUSE

20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.