CVE-2019-18683

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-18683
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18683.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-18683
Downstream
Related
Published
2019-11-04T16:15:11.327Z
Modified
2026-02-12T07:25:43.711283Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vividstopgeneratingvidcap(), vividstopgeneratingvidout(), sdrcapstop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

References

Affected packages

Git / github.com/lua/lua

Affected ranges

Type
GIT
Repo
https://github.com/lua/lua
Events
Introduced
c33b1728aeb7dfeec4013562660e07d32697aa6b
Fixed
9f791535cde1539338f6ba1b9154006595d97fe7

Affected versions

v5.*
v5.4.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18683.json"

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d41f74f0894deb18db13a43d56363d84f97dd237
Introduced
76b580d87afcbdd170853194ffcb80cee45894bd
Fixed
02db9931c8ccbe7ab0b4adb9af44577c27213eeb

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18683.json"