PT-2019-4438 · Linux+3 · Linux Kernel+3

Aleksandr Popov +1 · Published 2019-11-03 · Updated 2025-09-29 · CVE-2019-18683

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.3.8

Description

The issue is a race condition in the V4L2 subsystem of the Linux kernel, specifically in the drivers/media/platform/vivid module. It is caused by incorrect mutex locking in functions such as vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), and sdr_cap_stop_streaming(). Exploitation of this issue can lead to privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. At least one of these race conditions leads to a use-after-free.

Recommendations

For Linux kernel versions prior to 5.3.8, consider updating to a version that includes the fix for this issue. As a temporary workaround, restricting access to the /dev/video0 device or disabling the vivid driver may help minimize the risk of exploitation. Additionally, avoiding the use of the affected functions until a patch is available can be considered as a mitigation measure.
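
An added example, not part of the original advisory: a POSIX shell triage of the three conditions named above (kernel older than 5.3.8, vivid loaded, /dev/video0 access). The function names, verdict words and the modprobe.d file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2019-18683 (vivid, kernels prior to 5.3.8).
FIXED="5.3.8"   # first unaffected upstream version, per the advisory text

# ver_lt A B: succeed when A is older than B (major.minor.patch only).
# Distribution kernels may carry the fix under an older version string,
# so treat "affected" as a prompt to check the vendor advisory.
ver_lt() {
    a=${1%%[-+]*}; b=${2%%[-+]*}          # drop suffixes such as -26-generic
    for i in 1 2 3; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i"); x=${x%%[!0-9]*}; x=${x:-0}
        y=$(printf '%s\n' "$b" | cut -d. -f"$i"); y=${y%%[!0-9]*}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                               # equal versions are not older
}

# vivid_loaded [FILE]: succeed when a /proc/modules-style file lists vivid.
vivid_loaded() {
    grep -q '^vivid ' "${1:-/proc/modules}" 2>/dev/null
}

# node_open_to_others PATH: succeed when the mode grants "other" read or write.
# POSIX ACLs on the node are not inspected here (check them with getfacl).
node_open_to_others() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    last=${mode#"${mode%?}"}               # last octal digit = "other" bits
    [ $(( last & 6 )) -ne 0 ]
}

# assess KVER MODFILE NODE: print one verdict word for the given inputs.
assess() {
    if ! ver_lt "$1" "$FIXED"; then echo "version-not-affected"
    elif ! vivid_loaded "$2"; then echo "affected-vivid-not-loaded"
    elif node_open_to_others "$3"; then echo "exposed"
    else echo "affected-node-restricted"
    fi
}

# Workaround from the advisory as modprobe.d directives (file name is an assumption):
#   /etc/modprobe.d/disable-vivid.conf:  blacklist vivid
#                                        install vivid /bin/false
assess "$(uname -r)" /proc/modules /dev/video0
```

The version comparison only reflects upstream numbering; the distribution advisories listed under Related Identifiers are authoritative for vendor kernels.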

Exploit · Fix · Race Condition · Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2019-3113
ALT-PU-2019-3136
ALT-PU-2019-3184
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00195
CVE-2019-18683
DLA-2114-1
OPENSUSE-SU-2019:2675-1
OPENSUSE-SU-2019_2675-1
SUSE-SU-2019:3200-1
SUSE-SU-2019:3289-1
SUSE-SU-2019:3316-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3371-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3379-1
SUSE-SU-2019:3381-1
SUSE-SU-2019_3200-1
SUSE-SU-2019_3289-1
SUSE-SU-2019_3316-1
SUSE-SU-2019_3317-1
SUSE-SU-2019_3371-1
SUSE-SU-2019_3372-1
SUSE-SU-2019_3379-1
SUSE-SU-2019_3381-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
SUSE-SU-2020_0093-1
SUSE-SU-2020_0613-1
SUSE-SU-2020_1255-1
USN-4254-1
USN-4254-2
USN-4258-1
USN-4284-1
USN-4287-1
USN-4287-2

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu