ASA-2019-00630 – Linux kernel: Wrong locking causes race conditions on streaming stop in vivid driver


Allele Security Alert

ASA-2019-00630

Identifier(s)

ASA-2019-00630, CVE-2019-18683, CID-6dcd5d7a7a29

Title

Wrong locking causes race conditions on streaming stop in vivid driver

Vendor(s)

Linux Foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel versions 5.4.x before 5.4.1
Linux kernel versions 5.3.x before 5.3.14
Linux kernel versions 4.14.x before 4.14.157
Linux kernel versions 4.19.x before 4.19.87
Linux kernel versions 4.9.x before 4.9.204
Linux kernel versions 4.4.x before 4.4.204

Fixed version(s)

Linux kernel version 5.4.1
Linux kernel version 5.3.14
Linux kernel version 4.14.157
Linux kernel version 4.19.87
Linux kernel version 4.9.204
Linux kernel version 4.4.204

Linux kernel versions with the following commit:

media: vivid: Fix wrong locking that causes race conditions on streaming stop
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6dcd5d7a7a29c1e4b8016a06aed78cd650cd8c27

Proof of concept

Yes

Description

An issue was discovered in drivers/media/platform/vivid in the Linux kernel. There are multiple race conditions when streaming is stopped in this driver (part of the V4L2 subsystem). It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded.
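A triage check built from the version lists and exposure conditions above, as an added example that is not part of the original alert. The function names are hypothetical, and the comparison uses upstream stable version numbers only, so a distribution kernel that backports the fix has to be checked against the vendor trackers listed under Reference(s).

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2019-18683.

# Patch level that carries the fix on each stable branch, copied from the
# "Fixed version(s)" list. Branches missing from that list return failure.
fixed_patch_for_branch() {
    case "$1" in
        5.4) echo 1 ;;   5.3) echo 14 ;;
        4.19) echo 87 ;; 4.14) echo 157 ;;
        4.9) echo 204 ;; 4.4) echo 204 ;;
        *) return 1 ;;
    esac
}

# Print affected | fixed | unlisted for a release string such as "4.19.86".
vivid_version_status() {
    rel=${1%%[-+_]*}                      # drop suffix: 4.19.86-foo -> 4.19.86
    case "$rel" in *.*) ;; *) echo unlisted; return 0 ;; esac
    major=${rel%%.*}; rest=${rel#*.}
    minor=${rest%%.*}
    case "$rest" in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch=0 ;; esac
    case "$major$minor$patch" in ''|*[!0-9]*) echo unlisted; return 0 ;; esac
    if fixed=$(fixed_patch_for_branch "$major.$minor"); then
        if [ "$patch" -lt "$fixed" ]; then echo affected; else echo fixed; fi
    else
        echo unlisted
    fi
}

# True when the vivid module appears in a /proc/modules-format file.
vivid_loaded() {
    grep -q '^vivid ' "${1:-/proc/modules}" 2>/dev/null
}

# Report both conditions the description names: vulnerable code present,
# and the driver loaded with a video node whose permissions can be reviewed.
vivid_report() {
    echo "kernel $1: $(vivid_version_status "$1")"
    if vivid_loaded; then
        echo "vivid: loaded"
        ls -l /dev/video0 2>/dev/null || echo "/dev/video0: not present"
    else
        echo "vivid: not loaded"
    fi
}

vivid_report "$(uname -r)"
```

A result of `unlisted` means the branch is not in this alert's lists; such kernels need to be checked for commit 6dcd5d7a7a29 directly.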

Technical details

Unknown

Credits

Alexander Popov

Reference(s)

media: vivid: Fix wrong locking that causes race conditions on streaming stop
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6dcd5d7a7a29c1e4b8016a06aed78cd650cd8c27

media: vivid: Fix wrong locking that causes race conditions on streaming stop
https://github.com/torvalds/linux/commit/6dcd5d7a7a29c1e4b8016a06aed78cd650cd8c27

[PATCH v4 1/1] media: vivid: Fix wrong locking that causes race conditions on streaming stop
https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/

[ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid
https://www.openwall.com/lists/oss-security/2019/11/02/1

media: vivid: Fix wrong locking that causes race conditions on streaming stop
https://git.linuxtv.org/media_tree.git/commit/?id=6dcd5d7a7a29c1e4b8016a06aed78cd650cd8c27

Linux 5.4.1
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1

Linux 5.3.14
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.14

Linux 4.14.157
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.157

Linux 4.19.87
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.87

Linux 4.9.204
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.204

Linux 4.4.204
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.204

CVE-2019-18683 | SUSE
https://www.suse.com/security/cve/CVE-2019-18683

CVE-2019-18683 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18683.html

CVE-2019-18683 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-18683

CVE-2019-18683
https://security-tracker.debian.org/tracker/CVE-2019-18683

CVE-2019-18683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683

CVE-2019-18683
https://nvd.nist.gov/vuln/detail/CVE-2019-18683


Last modified: December 6, 2019
