CVE-2019-18683

HIGH

Linux kernel <5.3.8 - Privilege Escalation

Title source: llm

Description

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

Exploits (2)

nomisec WORKING POC 2 stars

by Limesss · poc

https://github.com/Limesss/cve-2019-18683

View Code ZIP pw:eip

nomisec NO CODE

by sanjana123-cloud · poc

https://github.com/sanjana123-cloud/CVE-2019-18683

View Code ZIP pw:eip

References (14)

Core 14

Core References

Exploit, Mailing List, Third Party Advisory x_refsource_misc

https://www.openwall.com/lists/oss-security/2019/11/02/1

Vendor Advisory x_refsource_misc

https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/11/05/1

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20191205-0001/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2020/Jan/10

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4254-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4254-2/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4258-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4287-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4287-2/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4284-1/

Scores

CVSS v3 7.0

EPSS 0.0089

EPSS Percentile 75.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362 CWE-416

Status published

Products (21)

broadcom/fabric_operating_system

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

debian/debian_linux 8.0

linux/linux_kernel 3.18 - 4.4.204

netapp/8300_firmware

netapp/8700_firmware

netapp/a400_firmware

... and 11 more

Published Nov 04, 2019

Tracked Since Feb 18, 2026