CVE-2019-18683: Race Condition
First published: Mon Nov 04 2019(Updated: )
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/linux | <4.15.0-88.88 | 4.15.0-88.88 |
| ubuntu/linux | <5.3.0-40.32 | 5.3.0-40.32 |
| ubuntu/linux | <5.5~ | 5.5~ |
| ubuntu/linux | <4.4.0-173.203 | 4.4.0-173.203 |
| ubuntu/linux-aws | <4.15.0-1060.62 | 4.15.0-1060.62 |
| ubuntu/linux-aws | <5.3.0-1011.12 | 5.3.0-1011.12 |
| ubuntu/linux-aws | <4.4.0-1061.65 | 4.4.0-1061.65 |
| ubuntu/linux-aws | <5.5~ | 5.5~ |
| ubuntu/linux-aws | <4.4.0-1101.112 | 4.4.0-1101.112 |
| ubuntu/linux-aws-5.0 | <5.0.0-1024.27~18.04.1 | 5.0.0-1024.27~18.04.1 |
| ubuntu/linux-aws-5.0 | <5.5~ | 5.5~ |
| ubuntu/linux-aws-5.3 | <5.5~ | 5.5~ |
| ubuntu/linux-aws-hwe | <5.5~ | 5.5~ |
| ubuntu/linux-aws-hwe | <4.15.0-1060.62~16.04.1 | 4.15.0-1060.62~16.04.1 |
| ubuntu/linux-azure | <5.0.0-1029.31~18.04.1 | 5.0.0-1029.31~18.04.1 |
| ubuntu/linux-azure | <5.3.0-1013.14 | 5.3.0-1013.14 |
| ubuntu/linux-azure | <4.15.0-1071.76~14.04.1 | 4.15.0-1071.76~14.04.1 |
| ubuntu/linux-azure | <5.5~ | 5.5~ |
| ubuntu/linux-azure | <4.15.0-1071.76 | 4.15.0-1071.76 |
| ubuntu/linux-azure-4.15 | <5.5~ | 5.5~ |
| ubuntu/linux-azure-5.3 | <5.3.0-1013.14~18.04.1 | 5.3.0-1013.14~18.04.1 |
| ubuntu/linux-azure-5.3 | <5.5~ | 5.5~ |
| ubuntu/linux-azure-edge | <5.5~ | 5.5~ |
| ubuntu/linux-gcp | <5.0.0-1029.30~18.04.1 | 5.0.0-1029.30~18.04.1 |
| ubuntu/linux-gcp | <5.3.0-1012.13 | 5.3.0-1012.13 |
| ubuntu/linux-gcp | <5.5~ | 5.5~ |
| ubuntu/linux-gcp | <4.15.0-1055.59 | 4.15.0-1055.59 |
| ubuntu/linux-gcp-4.15 | <5.5~ | 5.5~ |
| ubuntu/linux-gcp-5.3 | <5.3.0-1012.13~18.04.1 | 5.3.0-1012.13~18.04.1 |
| ubuntu/linux-gcp-5.3 | <5.5~ | 5.5~ |
| ubuntu/linux-gcp-edge | <5.5~ | 5.5~ |
| ubuntu/linux-gke-4.15 | <4.15.0-1052.55 | 4.15.0-1052.55 |
| ubuntu/linux-gke-4.15 | <5.5~ | 5.5~ |
| ubuntu/linux-gke-5.0 | <5.0.0-1029.30~18.04.1 | 5.0.0-1029.30~18.04.1 |
| ubuntu/linux-gke-5.0 | <5.5~ | 5.5~ |
| ubuntu/linux-gke-5.3 | <5.3.0-1012.13~18.04.1 | 5.3.0-1012.13~18.04.1 |
| ubuntu/linux-gke-5.3 | <5.5~ | 5.5~ |
| ubuntu/linux-hwe | <5.3.0-40.32~18.04.1 | 5.3.0-40.32~18.04.1 |
| ubuntu/linux-hwe | <5.5~ | 5.5~ |
| ubuntu/linux-hwe | <4.15.0-88.88~16.04.1 | 4.15.0-88.88~16.04.1 |
| ubuntu/linux-hwe-edge | <5.5~ | 5.5~ |
| ubuntu/linux-kvm | <4.15.0-1053.53 | 4.15.0-1053.53 |
| ubuntu/linux-kvm | <5.3.0-1010.11 | 5.3.0-1010.11 |
| ubuntu/linux-kvm | <5.5~ | 5.5~ |
| ubuntu/linux-kvm | <4.4.0-1065.72 | 4.4.0-1065.72 |
| ubuntu/linux-lts-trusty | <5.5~ | 5.5~ |
| ubuntu/linux-lts-xenial | <4.4.0-173.203~14.04.1 | 4.4.0-173.203~14.04.1 |
| ubuntu/linux-lts-xenial | <5.5~ | 5.5~ |
| ubuntu/linux-oem | <4.15.0-1073.83 | 4.15.0-1073.83 |
| ubuntu/linux-oem | <5.5~ | 5.5~ |
| ubuntu/linux-oem-5.6 | <5.5~ | 5.5~ |
| ubuntu/linux-oem-osp1 | <5.0.0-1037.42 | 5.0.0-1037.42 |
| ubuntu/linux-oem-osp1 | <5.0.0-1037.42 | 5.0.0-1037.42 |
| ubuntu/linux-oem-osp1 | <5.5~ | 5.5~ |
| ubuntu/linux-oracle | <4.15.0-1033.36 | 4.15.0-1033.36 |
| ubuntu/linux-oracle | <5.3.0-1009.10 | 5.3.0-1009.10 |
| ubuntu/linux-oracle | <5.5~ | 5.5~ |
| ubuntu/linux-oracle | <4.15.0-1033.36~16.04.1 | 4.15.0-1033.36~16.04.1 |
| ubuntu/linux-oracle-5.0 | <5.0.0-1010.15~18.04.1 | 5.0.0-1010.15~18.04.1 |
| ubuntu/linux-oracle-5.0 | <5.5~ | 5.5~ |
| ubuntu/linux-oracle-5.3 | <5.5~ | 5.5~ |
| ubuntu/linux-raspi | <5.5~ | 5.5~ |
| ubuntu/linux-raspi2 | <4.15.0-1055.59 | 4.15.0-1055.59 |
| ubuntu/linux-raspi2 | <5.3.0-1018.20 | 5.3.0-1018.20 |
| ubuntu/linux-raspi2 | <5.5~ | 5.5~ |
| ubuntu/linux-raspi2 | <4.4.0-1128.137 | 4.4.0-1128.137 |
| ubuntu/linux-raspi2-5.3 | <5.3.0-1018.20~18.04.1 | 5.3.0-1018.20~18.04.1 |
| ubuntu/linux-raspi2-5.3 | <5.5~ | 5.5~ |
| ubuntu/linux-riscv | <5.5~ | 5.5~ |
| ubuntu/linux-snapdragon | <4.15.0-1072.79 | 4.15.0-1072.79 |
| ubuntu/linux-snapdragon | <5.5~ | 5.5~ |
| ubuntu/linux-snapdragon | <4.4.0-1132.140 | 4.4.0-1132.140 |
| Linux Linux kernel | <=5.3.8 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| openSUSE Leap | =15.1 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| Netapp Data Availability Services | ||
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.1 | |
| Netapp Element Software | ||
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Broadcom Fabric Operating System | ||
| All of | ||
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| All of | ||
| Netapp 8300 Firmware | ||
| Netapp 8300 | ||
| All of | ||
| Netapp 8700 Firmware | ||
| Netapp 8700 | ||
| All of | ||
| Netapp A400 Firmware | ||
| Netapp A400 | ||
| All of | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| Debian Debian Linux | =8.0 | |
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| Netapp 8300 Firmware | ||
| Netapp 8300 | ||
| Netapp 8700 Firmware | ||
| Netapp 8700 | ||
| Netapp A400 Firmware | ||
| Netapp A400 | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://www.openwall.com/lists/oss-security/2019/11/05/1
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/
- https://seclists.org/bugtraq/2020/Jan/10
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://usn.ubuntu.com/4254-1/
- https://usn.ubuntu.com/4254-2/
- https://usn.ubuntu.com/4258-1/
- https://usn.ubuntu.com/4284-1/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://www.openwall.com/lists/oss-security/2019/11/02/1
- https://launchpad.net/bugs/cve/CVE-2019-18683
- https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/
- https://security-tracker.debian.org/tracker/CVE-2019-18683
- https://ubuntu.com/security/notices/USN-4254-1
- https://ubuntu.com/security/notices/USN-4254-2
- https://ubuntu.com/security/notices/USN-4258-1
- https://ubuntu.com/security/notices/USN-4284-1
- https://ubuntu.com/security/notices/USN-4287-1
- https://ubuntu.com/security/notices/USN-4287-2
- https://www.cve.org/CVERecord?id=CVE-2019-18683
- https://nvd.nist.gov/vuln/detail/CVE-2019-18683
- https://git.kernel.org/linus/3f682ffcf957b556a7868decd5593d765ed3455d
- https://git.kernel.org/linus/6dcd5d7a7a29c1e4b8016a06aed78cd650cd8c27
- https://git.kernel.org/linus/6de8653f410c5413a557eb48e2492a93f7af664b
- https://ubuntu.com/security/CVE-2019-18683
Parent vulnerabilities
(Appears in the following advisories)
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/remedy
- agent/severity
- agent/description
- agent/weakness
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.3.8
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp data availability services
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.70.1
- canonical/netapp element software
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp steelstore cloud integrated storage
- vendor/broadcom
- canonical/broadcom fabric operating system
- canonical/netapp a700s firmware
- canonical/netapp a700s
- canonical/netapp 8300 firmware
- canonical/netapp 8300
- canonical/netapp 8700 firmware
- canonical/netapp 8700
- canonical/netapp a400 firmware
- canonical/netapp a400
- canonical/netapp h610s firmware
- canonical/netapp h610s
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0