CVE-2019-18683 — Race Condition in Kernel
Severity
7.0 HIGH (NVD)
OSV 7.5, OSV 5.5
EPSS
1.0%
top 22.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 4
Latest update: May 24
Description
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), an…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9
Affected Packages: 5 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.10
Patches
Vulnerability Details (10)
GHSA
GHSA-fgwh-54wv-865r: An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5 (2022-05-24)
OSV
linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities (2020-02-19)
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities (2020-02-18)
Vendor Advisories (8)
Community (2)
Bugzilla
CVE-2019-18683 kernel: race condition in vivid_stop_generating_vid_cap(),vivid_stop_generating_vid_out(), sdr_cap_stop_streaming() (2019-11-13)
Bugzilla
CVE-2019-18683 kernel: race condition in vivid_stop_generating_vid_cap(),vivid_stop_generating_vid_out(), sdr_cap_stop_streaming() [fedora-all] (2019-11-13)