An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
|
History
07 Nov 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
18 Apr 2022, 15:46
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/10 - Mailing List, Patch, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4287-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4258-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4254-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4287-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4284-1/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Third Party Advisory, VDB Entry | |
References | (UBUNTU) https://usn.ubuntu.com/4254-2/ - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2019/11/05/1 - Exploit, Mailing List, Third Party Advisory | |
First Time |
Netapp a700s
Netapp hci Management Node Netapp 8300 Firmware Debian debian Linux Netapp a400 Netapp e-series Santricity Os Controller Canonical ubuntu Linux Netapp Netapp a700s Firmware Netapp 8700 Firmware Netapp h610s Broadcom fabric Operating System Netapp 8700 Broadcom Canonical Netapp 8300 Netapp cloud Backup Netapp active Iq Unified Manager Netapp data Availability Services Netapp a400 Firmware Debian Netapp element Software Opensuse leap Netapp steelstore Cloud Integrated Storage Netapp h610s Firmware Netapp solidfire Opensuse |
|
CWE | CWE-416 | |
CPE | cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:* |
Information
Published : 2019-11-04 16:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-18683
Mitre link : CVE-2019-18683
CVE.ORG link : CVE-2019-18683
JSON object : View
Products Affected
netapp
- solidfire
- 8700
- cloud_backup
- data_availability_services
- 8300
- steelstore_cloud_integrated_storage
- 8700_firmware
- a700s
- h610s_firmware
- element_software
- a400
- 8300_firmware
- e-series_santricity_os_controller
- a400_firmware
- a700s_firmware
- active_iq_unified_manager
- hci_management_node
- h610s
canonical
- ubuntu_linux
opensuse
- leap
broadcom
- fabric_operating_system
debian
- debian_linux
linux
- linux_kernel