Lucene search

[email protected]NVD:CVE-2019-18683

HistoryNov 04, 2019 - 4:15 p.m.

CVE-2019-18683

2019-11-0416:15:11

CWE-416

CWE-362

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

Affected configurations

NVD

Node

linuxlinux_kernelRange3.18–4.4.204

linuxlinux_kernelRange4.5–4.9.204

linuxlinux_kernelRange4.10–4.14.157

linuxlinux_kernelRange4.15–4.19.87

linuxlinux_kernelRange4.20–5.3.14

linuxlinux_kernelRange5.4–5.4.1

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

Node

opensuseleapMatch15.1

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappcloud_backupMatch-

netappdata_availability_servicesMatch-

netappe-series_santricity_os_controllerRange11.0.0–11.70.1

netappelement_softwareMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

Node

broadcomfabric_operating_systemMatch-

Node

netappa700s_firmwareMatch-

AND

netappa700sMatch-

Node

netapp8300_firmwareMatch-

AND

netapp8300Match-

Node

netapp8700_firmwareMatch-

AND

netapp8700Match-

Node

netappa400_firmwareMatch-

AND

netappa400Match-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

debiandebian_linuxMatch8.0

References

lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

www.openwall.com/lists/oss-security/2019/11/05/1

lists.debian.org/debian-lts-announce/2020/03/msg00001.html

lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/

seclists.org/bugtraq/2020/Jan/10

security.netapp.com/advisory/ntap-20191205-0001/

usn.ubuntu.com/4254-1/

usn.ubuntu.com/4254-2/

usn.ubuntu.com/4258-1/

usn.ubuntu.com/4284-1/

usn.ubuntu.com/4287-1/

usn.ubuntu.com/4287-2/

www.openwall.com/lists/oss-security/2019/11/02/1

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2019-18683

redhatcve1 prion1 ubuntucve1 cve1 debiancve1 ptsecurity1 kitploit1 cvelist1 f51 ubuntu6 nessus18 openvas21 slackware1 cloudfoundry1 suse1 debian1 osv1 androidsecurity1