cnvd - cnvd-2019-42726

cnvd-2019-42726

Vulnerability from cnvd

Title

Linux kernel权限提升漏洞（CNVD-2019-42726）

Description

Linux kernel是一种计算机操作系统内核，以C语言和汇编语言写成，符合POSIX标准，按GNU通用公共许可证发行。 Linux kernel 5.3.8及更早版本中的drivers/media/platform/vivid存在权限提升漏洞。该漏洞源于vivid_stop_generating_vid_cap()、vivid_stop_generating_vid_out()、sdr_cap_stop_streaming()及相应的kthreads的互斥锁错误锁定。攻击者可利用该漏洞实现权限提升。

Severity

中

Patch Name

Linux kernel权限提升漏洞（CNVD-2019-42726）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-18683

Impacted products

Name
Linux Linux kernel <=5.3.8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-18683",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-18683"
    }
  },
  "description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\n\nLinux kernel 5.3.8\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684drivers/media/platform/vivid\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8evivid_stop_generating_vid_cap()\u3001vivid_stop_generating_vid_out()\u3001sdr_cap_stop_streaming()\u53ca\u76f8\u5e94\u7684kthreads\u7684\u4e92\u65a5\u9501\u9519\u8bef\u9501\u5b9a\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6743\u9650\u63d0\u5347\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42726",
  "openTime": "2019-11-28",
  "patchDescription": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\r\n\r\nLinux kernel 5.3.8\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684drivers/media/platform/vivid\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8evivid_stop_generating_vid_cap()\u3001vivid_stop_generating_vid_out()\u3001sdr_cap_stop_streaming()\u53ca\u76f8\u5e94\u7684kthreads\u7684\u4e92\u65a5\u9501\u9519\u8bef\u9501\u5b9a\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2019-42726\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Linux kernel \u003c=5.3.8"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-18683",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-05",
  "title": "Linux kernel\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2019-42726\uff09"
}

CVE-2019-18683 (GCVE-0-2019-18683)

Vulnerability from cvelistv5

Published

2019-11-04 15:36

Modified

2024-08-05 02:02

Severity ?

CWE

Summary

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2019/11/02/1	x_refsource_MISC
	https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/11/05/1	mailing-list, x_refsource_MLIST
	https://security.netapp.com/advisory/ntap-20191205-0001/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html	vendor-advisory, x_refsource_SUSE
	https://seclists.org/bugtraq/2020/Jan/10	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	x_refsource_MISC
	https://usn.ubuntu.com/4254-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4254-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4258-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4287-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4287-2/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4284-1/	vendor-advisory, x_refsource_UBUNTU