CVE-2019-18683

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

06 Jun 2024, 19:13

Type Values Removed Values Added
References () https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/ - () https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/ - Vendor Advisory

18 Apr 2022, 15:46

Type Values Removed Values Added
CWE CWE-416
References (UBUNTU) https://usn.ubuntu.com/4254-1/ - (UBUNTU) https://usn.ubuntu.com/4254-1/ - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2019/11/05/1 - Exploit, Third Party Advisory (MLIST) http://www.openwall.com/lists/oss-security/2019/11/05/1 - Exploit, Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4258-1/ - (UBUNTU) https://usn.ubuntu.com/4258-1/ - Third Party Advisory
References (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/10 - (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/10 - Mailing List, Patch, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4287-1/ - (UBUNTU) https://usn.ubuntu.com/4287-1/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4287-2/ - (UBUNTU) https://usn.ubuntu.com/4287-2/ - Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - (MISC) http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Third Party Advisory, VDB Entry
References (UBUNTU) https://usn.ubuntu.com/4284-1/ - (UBUNTU) https://usn.ubuntu.com/4284-1/ - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4254-2/ - (UBUNTU) https://usn.ubuntu.com/4254-2/ - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory
CPE cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

Information

Published : 2019-11-04 16:15

Updated : 2024-06-07 13:55


NVD link : CVE-2019-18683

Mitre link : CVE-2019-18683

CVE.ORG link : CVE-2019-18683


JSON object : View

Products Affected

netapp

  • h610s
  • h610s_firmware
  • 8300
  • element_software
  • 8700
  • solidfire
  • 8700_firmware
  • a400
  • a700s_firmware
  • steelstore_cloud_integrated_storage
  • 8300_firmware
  • a400_firmware
  • active_iq_unified_manager
  • cloud_backup
  • a700s
  • data_availability_services
  • hci_management_node
  • e-series_santricity_os_controller

debian

  • debian_linux

canonical

  • ubuntu_linux

linux

  • linux_kernel

broadcom

  • fabric_operating_system

opensuse

  • leap
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free