CVE-2019-18683

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

06 Jun 2024, 19:13

Type Values Removed Values Added
References () https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/ - () https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/ - Vendor Advisory

07 Nov 2023, 03:06

Type Values Removed Values Added
References
  • {'url': 'https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/', 'name': 'https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • () https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/ -

18 Apr 2022, 15:46

Type Values Removed Values Added
First Time Netapp a700s
Netapp hci Management Node
Netapp 8300 Firmware
Debian debian Linux
Netapp a400
Netapp e-series Santricity Os Controller
Canonical ubuntu Linux
Netapp
Netapp a700s Firmware
Netapp 8700 Firmware
Netapp h610s
Broadcom fabric Operating System
Netapp 8700
Broadcom
Canonical
Netapp 8300
Netapp cloud Backup
Netapp active Iq Unified Manager
Netapp data Availability Services
Netapp a400 Firmware
Debian
Netapp element Software
Opensuse leap
Netapp steelstore Cloud Integrated Storage
Netapp h610s Firmware
Netapp solidfire
Opensuse
CWE CWE-416
References (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/10 - (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/10 - Mailing List, Patch, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4287-1/ - (UBUNTU) https://usn.ubuntu.com/4287-1/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4258-1/ - (UBUNTU) https://usn.ubuntu.com/4258-1/ - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4254-1/ - (UBUNTU) https://usn.ubuntu.com/4254-1/ - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4287-2/ - (UBUNTU) https://usn.ubuntu.com/4287-2/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4284-1/ - (UBUNTU) https://usn.ubuntu.com/4284-1/ - Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - (MISC) http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Third Party Advisory, VDB Entry
References (UBUNTU) https://usn.ubuntu.com/4254-2/ - (UBUNTU) https://usn.ubuntu.com/4254-2/ - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2019/11/05/1 - Exploit, Third Party Advisory (MLIST) http://www.openwall.com/lists/oss-security/2019/11/05/1 - Exploit, Mailing List, Third Party Advisory
CPE cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

Information

Published : 2019-11-04 16:15

Updated : 2024-06-07 13:55


NVD link : CVE-2019-18683

Mitre link : CVE-2019-18683

CVE.ORG link : CVE-2019-18683


JSON object : View

Products Affected

netapp

  • h610s
  • h610s_firmware
  • 8300
  • hci_management_node
  • a700s
  • element_software
  • a400
  • a700s_firmware
  • 8700
  • 8700_firmware
  • a400_firmware
  • solidfire
  • cloud_backup
  • steelstore_cloud_integrated_storage
  • active_iq_unified_manager
  • data_availability_services
  • 8300_firmware
  • e-series_santricity_os_controller

canonical

  • ubuntu_linux

broadcom

  • fabric_operating_system

opensuse

  • leap

linux

  • linux_kernel

debian

  • debian_linux
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free