Vulnerability Description
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.18, < 4.4.204 |
| Canonical | Ubuntu Linux | 14.04 |
| openSUSE | Leap | 15.1 |
| NetApp | Active IQ Unified Manager | - |
| NetApp | Cloud Backup | - |
| NetApp | Data Availability Services | - |
| NetApp | E-Series SANtricity OS Controller | >= 11.0.0, <= 11.70.1 |
| NetApp | Element Software | - |
| NetApp | HCI Management Node | - |
| NetApp | SolidFire | - |
| NetApp | SteelStore Cloud Integrated Storage | - |
| Broadcom | Fabric Operating System | - |
| NetApp | A700S Firmware | - |
| NetApp | A700S | - |
| NetApp | 8300 Firmware | - |
| NetApp | 8300 | - |
| NetApp | 8700 Firmware | - |
| NetApp | 8700 | - |
| NetApp | A400 Firmware | - |
| NetApp | A400 | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html (Mailing List, Third Party Advisory)
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackwar (Third Party Advisory, VDB Entry)
- http://www.openwall.com/lists/oss-security/2019/11/05/1 (Exploit, Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html (Mailing List, Third Party Advisory)
- https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/ (Vendor Advisory)
- https://seclists.org/bugtraq/2020/Jan/10 (Mailing List, Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20191205-0001/ (Third Party Advisory)
- https://usn.ubuntu.com/4254-1/ (Third Party Advisory)
- https://usn.ubuntu.com/4254-2/ (Third Party Advisory)
- https://usn.ubuntu.com/4258-1/ (Third Party Advisory)
- https://usn.ubuntu.com/4284-1/ (Third Party Advisory)
- https://usn.ubuntu.com/4287-1/ (Third Party Advisory)
- https://usn.ubuntu.com/4287-2/ (Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2019/11/02/1 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2019-18683?
CVE-2019-18683 is a vulnerability with a CVSS score of 7.0 (HIGH). An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 acc...
How severe is CVE-2019-18683?
CVE-2019-18683 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-18683?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Kernel, Canonical Ubuntu Linux, openSUSE Leap, NetApp Active IQ Unified Manager, NetApp Cloud Backup.