Aleksandr Popov

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.3.8 **Description** The issue is related to a race condition in the V4L2 subsystem of the Linux kernel, specifically in the drivers/media/platform/vivid module. This is caused by incorrect mutex locking in functions such as `vivid stop generating vid cap()`, `vivid stop generating vid out()`, and `sdr cap stop streaming()`. The exploitation of this issue can lead to privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. At least one of these race conditions leads to a use-after-free. **Recommendations** For Linux kernel versions prior to 5.3.8, consider updating to a version that includes the fix for this issue. As a temporary workaround, restricting access to the /dev/video0 device or disabling the vivid driver may help minimize the risk of exploitation. Additionally, avoiding the use of the affected functions until a patch is available can also be considered as a mitigation measure.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.10.1 **Description** A race condition in the Linux kernel allows local users to gain privileges or cause a denial of service by setting the HDLC line discipline. This issue affects the `drivers/tty/n hdlc.c` component. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Linux kernel versions through 4.10.1, update to a version later than 4.10.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.