Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-18683
HistoryNov 04, 2019 - 4:15 p.m.

CVE-2019-18683

2019-11-0416:15:00
CWE-362
CWE-416
[email protected]
web.nvd.nist.gov
176
2
cve-2019-18683
linux kernel
vivid driver
privilege escalation
local users
/dev/video0 access
race conditions
use-after-free
nvd
vulnerability
security issue

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

Social References

More

Related

redhatcve 1
prion 1
ubuntucve 1
ptsecurity 1
kitploit 1
debiancve 1
f5 1
nessus 18
openvas 8
ubuntu 6
slackware 1
cloudfoundry 1
suse 1
osv 1
debian 1
androidsecurity 1
redhatcve
redhatcve
CVE-2019-18683
2019-11-13 07:07:28
prion
prion
Race condition
2019-11-04 16:15:00
ubuntucve
ubuntucve
CVE-2019-18683
2019-11-04 00:00:00
ptsecurity
ptsecurity
PT-2019-05: Local privilege escalation
2019-01-11 00:00:00
kitploit
kitploit
Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config
2021-06-18 21:30:00
debiancve
debiancve
CVE-2019-18683
2019-11-04 16:15:00
f5
f5
K88125023 : Linux kernel vulnerabilities CVE-2019-16921, CVE-2019-18683, CVE-2019-18805
2020-04-02 00:00:00
nessus
nessus
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4254-1)
2020-01-28 00:00:00
Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-008-01)
2020-01-09 00:00:00
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4258-1)
2020-01-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory for linux (USN-4254-1)
2020-01-29 00:00:00
Ubuntu: Security Advisory for linux-aws-5.0 (USN-4258-1)
2020-01-29 00:00:00
Ubuntu: Security Advisory for linux (USN-4287-1)
2020-02-19 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2020-01-28 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2020-01-29 00:00:00
Linux kernel vulnerabilities
2020-01-29 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-01-08 22:45:25
cloudfoundry
cloudfoundry
USN-4287-1: Linux kernel vulnerabilities | Cloud Foundry
2020-03-10 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2019-12-12 00:00:00
osv
osv
linux-4.9 - security update
2020-02-21 00:00:00
debian
debian
[SECURITY] [DLA 2114-1] linux-4.9 security update
2020-03-02 18:14:56
androidsecurity
androidsecurity
Pixel Update Bulletinβ€”June 2020
2020-06-01 00:00:00

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON
Related for CVE-2019-18683
redhatcve1prion1ubuntucve1ptsecurity1kitploit1debiancve1f51nessus18openvas8ubuntu6slackware1cloudfoundry1suse1osv1debian1androidsecurity1