An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
|
History
06 Jun 2024, 19:13
Type | Values Removed | Values Added |
---|---|---|
References | () https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/ - Vendor Advisory |
18 Apr 2022, 15:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
References | (UBUNTU) https://usn.ubuntu.com/4254-1/ - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2019/11/05/1 - Exploit, Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4258-1/ - Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/10 - Mailing List, Patch, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4287-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4287-2/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Third Party Advisory, VDB Entry | |
References | (UBUNTU) https://usn.ubuntu.com/4284-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4254-2/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:* |
Information
Published : 2019-11-04 16:15
Updated : 2024-06-07 13:55
NVD link : CVE-2019-18683
Mitre link : CVE-2019-18683
CVE.ORG link : CVE-2019-18683
JSON object : View
Products Affected
netapp
- h610s
- h610s_firmware
- 8300
- element_software
- 8700
- solidfire
- 8700_firmware
- a400
- a700s_firmware
- steelstore_cloud_integrated_storage
- 8300_firmware
- a400_firmware
- active_iq_unified_manager
- cloud_backup
- a700s
- data_availability_services
- hci_management_node
- e-series_santricity_os_controller
debian
- debian_linux
canonical
- ubuntu_linux
linux
- linux_kernel
broadcom
- fabric_operating_system
opensuse
- leap