CVE-2019-18683

HIGH

Linux kernel <5.3.8 - Privilege Escalation

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-18683. PoCs published by Limesss, sanjana123-cloud.

AI-analyzed exploit summary: This PoC exploits a kernel vulnerability in the vivid driver (CVE-2019-18683) to crash the kernel and potentially achieve privilege escalation. It uses userfaultfd to manipulate memory and trigger the vulnerability.

Description

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

Exploits (2)

nomisec WORKING POC 2 stars
by Limesss · poc
https://github.com/Limesss/cve-2019-18683

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (vivid driver)
No auth needed
Prerequisites: Linux kernel with vulnerable vivid driver · userfaultfd support
devstral-2 · analyzed Feb 19, 2026

References (14)

Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2019/11/02/1
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/11/05/1
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20191205-0001/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Jan/10
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4254-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4254-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4258-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4287-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4287-2/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4284-1/

Scores

CVSS v3 7.0
EPSS 0.0098
EPSS Percentile 57.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-362, CWE-416
Status published
Products (21)
broadcom/fabric_operating_system
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
debian/debian_linux 8.0
linux/linux_kernel 3.18 - 4.4.204
netapp/8300_firmware
netapp/8700_firmware
netapp/a400_firmware
... and 11 more
Published Nov 04, 2019
Tracked Since Feb 18, 2026