CVE-2019-18683

Published: Nov 4, 2019Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

Affected (26)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Opensuse: Leap · +3 more

Show all products

1 product

1 product

1 product

13 products

Active Iq Unified Manager

Data Availability Services

E Series Santricity Os Controller

Element Software

Hci Management Node

Steelstore Cloud Integrated Storage

1 product

Fabric Operating System

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.18 to 4.4.204
Linux Linux Kernel	From 4.10 to 4.14.157
Linux Linux Kernel	From 4.15 to 4.19.87
Linux Linux Kernel	From 4.20 to 5.3.14
Linux Linux Kernel	From 4.5 to 4.9.204
Linux Linux Kernel	From 5.4 to 5.4.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration D

8 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Cloud Backup	All versions
Netapp Data Availability Services	All versions
Netapp E Series Santricity Os Controller	From 11.0.0 to 11.70.1
Netapp Element Software	All versions
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Broadcom Fabric Operating System	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A700s Firmware	All versions

Running on/with	Platform Versions
Netapp A700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp 8300 Firmware	All versions

Running on/with	Platform Versions
Netapp 8300	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp 8700 Firmware	All versions

Running on/with	Platform Versions
Netapp 8700	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A400 Firmware	All versions

Running on/with	Platform Versions
Netapp A400	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Configuration K

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (28)

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2019/11/05/1

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/

Source: cve@mitre.org

Vendor Advisory

https://seclists.org/bugtraq/2020/Jan/10

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20191205-0001/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4254-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4254-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4258-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4284-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4287-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4287-2/

Source: cve@mitre.org

Third Party Advisory

https://www.openwall.com/lists/oss-security/2019/11/02/1

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2019/11/05/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://seclists.org/bugtraq/2020/Jan/10

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20191205-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4254-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4254-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4258-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4284-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4287-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4287-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2019/11/02/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.