PT-2018-3349 · Linux+2 · Linux Kernel+2

Published

2018-05-11

Updated

2023-02-24

CVE-2019-18675

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.13

Description: The issue is related to an integer overflow in the cpia2 remap buffer function, located in drivers/media/usb/cpia2/cpia2 core.c, which can be exploited to gain read and write access to kernel physical pages. This could potentially result in privilege escalation. The vulnerability can be exploited by local users with access to /dev/video0.

Recommendations: For Linux kernel versions prior to 5.3.13, update to a version that contains a fix for this issue to prevent potential privilege escalation. As a temporary workaround, consider restricting access to /dev/video0 to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2018-1912

ALT-PU-2018-1916

ALT-PU-2018-1919

BDU:2020-00368

CVE-2019-18675

SUSE-SU-2020:1255-1

SUSE-SU-2020:1275-1

SUSE-SU-2020:14354-1

Affected Products

Alt Linux

Linux Kernel

Suse

PT-2018-3349 · Linux+2 · Linux Kernel+2

CVE-2019-18675

Weakness Enumeration

Related Identifiers

Affected Products

References · 194