CVE-2019-18683
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
Se detectó un problema en el archivo drivers/media/platform/vivid en el kernel de Linux versiones hasta 5.3.8. Esto es explotable para una escalada de privilegios en algunas distribuciones de Linux donde los usuarios locales tienen acceso a /dev/video0, pero solo si el controlador ha sido cargado. Se presenta varias condiciones de carrera durante la detención de la transmisión en este controlador (parte del subsistema V4L2). Estos problemas son causados ??por el bloqueo de mutex incorrecto en las funciones vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming() y los kthreads correspondientes. Al menos una de estas condiciones de carrera conlleva a un uso de la memoria previamente liberada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-04 CVE Reserved
- 2019-11-04 CVE Published
- 2020-05-12 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | Third Party Advisory |
|
| https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20191205-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/sanjana123-cloud/CVE-2019-18683 | 2020-05-12 | |
| http://www.openwall.com/lists/oss-security/2019/11/05/1 | 2024-08-05 | |
| https://www.openwall.com/lists/oss-security/2019/11/02/1 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://seclists.org/bugtraq/2020/Jan/10 | 2024-06-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html | 2024-06-07 | |
| https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com | 2024-06-07 | |
| https://usn.ubuntu.com/4254-1 | 2024-06-07 | |
| https://usn.ubuntu.com/4254-2 | 2024-06-07 | |
| https://usn.ubuntu.com/4258-1 | 2024-06-07 | |
| https://usn.ubuntu.com/4284-1 | 2024-06-07 | |
| https://usn.ubuntu.com/4287-1 | 2024-06-07 | |
| https://usn.ubuntu.com/4287-2 | 2024-06-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | A700s Firmware Search vendor "Netapp" for product "A700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | A700s Search vendor "Netapp" for product "A700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | 8300 Firmware Search vendor "Netapp" for product "8300 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | 8300 Search vendor "Netapp" for product "8300" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | 8700 Firmware Search vendor "Netapp" for product "8700 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | 8700 Search vendor "Netapp" for product "8700" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | A400 Firmware Search vendor "Netapp" for product "A400 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | A400 Search vendor "Netapp" for product "A400" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H610s Firmware Search vendor "Netapp" for product "H610s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H610s Search vendor "Netapp" for product "H610s" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.18 < 4.4.204 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.18 < 4.4.204" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.204 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.204" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.157 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.157" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.87 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.87" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.3.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.3.14" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.4.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Availability Services Search vendor "Netapp" for product "Data Availability Services" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | >= 11.0.0 <= 11.70.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version " >= 11.0.0 <= 11.70.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Search vendor "Netapp" for product "Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Fabric Operating System Search vendor "Broadcom" for product "Fabric Operating System" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||