[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-18683Date: (C)2019-11-05   (M)2024-03-26


An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.0CVSS Score : 6.9
Exploit Score: 1.0Exploit Score: 3.4
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2020/Jan/10
USN-4254-1
USN-4254-2
USN-4258-1
USN-4284-1
USN-4287-1
USN-4287-2
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
http://www.openwall.com/lists/oss-security/2019/11/05/1
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/
https://security.netapp.com/advisory/ntap-20191205-0001/
https://www.openwall.com/lists/oss-security/2019/11/02/1
openSUSE-SU-2019:2675

CPE    3
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:linux:linux_kernel
CWE    1
CWE-362
OVAL    17
oval:org.secpod.oval:def:705356
oval:org.secpod.oval:def:705358
oval:org.secpod.oval:def:70174
oval:org.secpod.oval:def:89000107
...

© SecPod Technologies