ID

VAR-201911-0712


CVE

CVE-2019-18683


TITLE

Linux Kernel Race condition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011718

DESCRIPTION

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. Linux Kernel Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.208/*: Upgraded. IPV6_MULTIPLE_TABLES n -> y +IPV6_SUBTREES y These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.203: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917 Fixed in 4.4.204: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683 Fixed in 4.4.206: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614 Fixed in 4.4.207: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332 Fixed in 4.4.208: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: ef3ab53561656d90c19389bed7f883ea kernel-generic-4.4.208-i586-1.txz ce33ac504adf47d140c3d9ffbf7589b2 kernel-generic-smp-4.4.208_smp-i686-1.txz 2fb222e279ceacf6e3af294a1cce54e9 kernel-headers-4.4.208_smp-x86-1.txz c237d6708a9d59080deb5a6659d1acf1 kernel-huge-4.4.208-i586-1.txz 29018038f4e0510dfa7e9cdfe69c994a kernel-huge-smp-4.4.208_smp-i686-1.txz 6518395d78e7c7b323bd964dd3b9ed13 kernel-modules-4.4.208-i586-1.txz 440885e37ee410473bf1c9a6b028dd8b kernel-modules-smp-4.4.208_smp-i686-1.txz 969021b83f0cb73d7b745b3d77bdbee0 kernel-source-4.4.208_smp-noarch-1.txz Slackware x86_64 14.2 packages: d6edb0754c752aaf8fcbd8d4d5bfc30a kernel-generic-4.4.208-x86_64-1.txz 10255231f7085336046b49e829bf972c kernel-headers-4.4.208-x86-1.txz 369fa14fb7f59f1e903402be3ad685e7 kernel-huge-4.4.208-x86_64-1.txz b8c8261fbb6bed66c3ded3aa36e206df kernel-modules-4.4.208-x86_64-1.txz 83f37ca83c19fe8d1a785c93cc1ad6f5 kernel-source-4.4.208-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.208-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.208 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAl4WVEYACgkQakRjwEAQIjMljgCfTQKeQBRpNgxFhMtrKSwy0afq emEAoI4MwPctKJAsQZyfhUymhvQ6bWUh =xnPY -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-4287-2 February 18, 2020 linux-azure vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems Details: USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786) It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078) It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-4.15.0-1069-azure 4.15.0-1069.74~14.04.1 linux-image-azure 4.15.0.1069.55 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4287-2 https://usn.ubuntu.com/4287-1 CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809, CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227, CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053

Trust: 2.34

sources: NVD: CVE-2019-18683 // JVNDB: JVNDB-2019-011718 // VULMON: CVE-2019-18683 // PACKETSTORM: 156110 // PACKETSTORM: 155890 // PACKETSTORM: 156422 // PACKETSTORM: 156427 // PACKETSTORM: 156418 // PACKETSTORM: 156125 // PACKETSTORM: 156124

AFFECTED PRODUCTS

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.4.204

Trust: 1.0

vendor:netappmodel:8300scope:eqversion: -

Trust: 1.0

vendor:netappmodel:a400scope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.1

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.204

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.4

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:a700sscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.70.1

Trust: 1.0

vendor:broadcommodel:fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.10

Trust: 1.0

vendor:netappmodel:data availability servicesscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.87

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.3.14

Trust: 1.0

vendor:netappmodel:element softwarescope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.157

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:8700scope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h610sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.18

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:5.3.8

Trust: 0.8

sources: JVNDB: JVNDB-2019-011718 // NVD: CVE-2019-18683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18683
value: HIGH

Trust: 1.0

NVD: CVE-2019-18683
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-066
value: HIGH

Trust: 0.6

VULMON: CVE-2019-18683
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18683
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-18683
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18683
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-18683 // JVNDB: JVNDB-2019-011718 // CNNVD: CNNVD-201911-066 // NVD: CVE-2019-18683

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.8

problemtype:CWE-416

Trust: 1.0

sources: JVNDB: JVNDB-2019-011718 // NVD: CVE-2019-18683

THREAT TYPE

local

Trust: 1.1

sources: PACKETSTORM: 156110 // PACKETSTORM: 156422 // PACKETSTORM: 156427 // PACKETSTORM: 156418 // PACKETSTORM: 156124 // CNNVD: CNNVD-201911-066

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-066

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011718

PATCH

title:Linux Kernel Archivesurl:http://www.kernel.org

Trust: 0.8

title:[PATCH v4 1/1] media: vivid: Fix wrong locking that causes race conditions on streaming stopurl:https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/

Trust: 0.8

title:Linux kernel Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102033

Trust: 0.6

title:Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4254-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4254-2

Trust: 0.1

title:Ubuntu Security Notice: linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4258-1

Trust: 0.1

title:Ubuntu Security Notice: linux-azure vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4287-2

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4284-1

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4287-1

Trust: 0.1

title:Linux kernel Exploitation tutorials & Practice Tracing the Kernel Kernel Bugs, vulnerabilities and exploitation techniques Linux Kernel Exploitation cve PoC/writeups & guides Talks from conferences (videos) Major changes to source code Additional Out of context resources Source code structs & fields of interest The backyard/garage of the Linux kernel docs Linux internals Virtual memory areas datastructures (VMA) Page Tables and Process Memory internals & exploits Various open source tools In Chromium Android blogs Mitigationsurl:https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/De4dCr0w/Linux-kernel-EoP-exp

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/TamilHackz/linux-kernel-exploitation

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/khanhdz191/linux-kernel-exploitation

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/xairy/linux-kernel-exploitation

Trust: 0.1

title:PoC in GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title:PoC in GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

title:Awesome CVE PoCurl:https://github.com/lnick2023/nicenice

Trust: 0.1

title:Awesome CVE PoCurl:https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title:PoC in GitHuburl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:Awesome CVE PoCurl:https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: VULMON: CVE-2019-18683 // JVNDB: JVNDB-2019-011718 // CNNVD: CNNVD-201911-066

EXTERNAL IDS

db:NVDid:CVE-2019-18683

Trust: 3.2

db:PACKETSTORMid:155890

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2019/11/05/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2019/11/02/1

Trust: 1.7

db:JVNDBid:JVNDB-2019-011718

Trust: 0.8

db:PACKETSTORMid:156427

Trust: 0.7

db:PACKETSTORMid:156125

Trust: 0.7

db:AUSCERTid:ESB-2020.1745

Trust: 0.6

db:AUSCERTid:ESB-2020.1745.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4584

Trust: 0.6

db:AUSCERTid:ESB-2019.4793

Trust: 0.6

db:AUSCERTid:ESB-2020.0851

Trust: 0.6

db:AUSCERTid:ESB-2020.0305

Trust: 0.6

db:AUSCERTid:ESB-2020.0766

Trust: 0.6

db:AUSCERTid:ESB-2020.0572

Trust: 0.6

db:AUSCERTid:ESB-2019.4704

Trust: 0.6

db:AUSCERTid:ESB-2020.0830

Trust: 0.6

db:AUSCERTid:ESB-2019.4346.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0572.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0141

Trust: 0.6

db:CNNVDid:CNNVD-201911-066

Trust: 0.6

db:VULMONid:CVE-2019-18683

Trust: 0.1

db:PACKETSTORMid:156110

Trust: 0.1

db:PACKETSTORMid:156422

Trust: 0.1

db:PACKETSTORMid:156418

Trust: 0.1

db:PACKETSTORMid:156124

Trust: 0.1

sources: VULMON: CVE-2019-18683 // JVNDB: JVNDB-2019-011718 // PACKETSTORM: 156110 // PACKETSTORM: 155890 // PACKETSTORM: 156422 // PACKETSTORM: 156427 // PACKETSTORM: 156418 // PACKETSTORM: 156125 // PACKETSTORM: 156124 // CNNVD: CNNVD-201911-066 // NVD: CVE-2019-18683

REFERENCES

url:https://usn.ubuntu.com/4254-1/

Trust: 2.4

url:http://packetstormsecurity.com/files/155890/slackware-security-advisory-slackware-14.2-kernel-updates.html

Trust: 2.3

url:https://usn.ubuntu.com/4254-2/

Trust: 2.3

url:https://usn.ubuntu.com/4258-1/

Trust: 2.3

url:https://usn.ubuntu.com/4287-1/

Trust: 2.3

url:https://usn.ubuntu.com/4287-2/

Trust: 2.3

url:https://usn.ubuntu.com/4284-1/

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-18683

Trust: 2.1

url:https://www.openwall.com/lists/oss-security/2019/11/02/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2019/11/05/1

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20191205-0001/

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Trust: 1.7

url:https://seclists.org/bugtraq/2020/jan/10

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Trust: 1.7

url:https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18683

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-15291

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-19332

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-19227

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19063

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19057

Trust: 0.6

url:https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html

Trust: 0.6

url:https://usn.ubuntu.com/4286-2/

Trust: 0.6

url:https://usn.ubuntu.com/4286-1/

Trust: 0.6

url:https://usn.ubuntu.com/4285-1/

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html

Trust: 0.6

url:https://usn.ubuntu.com/4255-2/

Trust: 0.6

url:https://usn.ubuntu.com/4253-2/

Trust: 0.6

url:https://usn.ubuntu.com/4255-1/

Trust: 0.6

url:https://usn.ubuntu.com/4253-1/

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156427/ubuntu-security-notice-usn-4287-2.html

Trust: 0.6

url:https://source.android.com/security/bulletin/pixel/2020-06-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4704/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0766/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0305/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4793/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0572.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0851/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1745.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4584/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0830/

Trust: 0.6

url:https://packetstormsecurity.com/files/156125/ubuntu-security-notice-usn-4258-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0572/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0141/

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-drivers-media-platform-vivid-31091

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1745/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-18885

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19062

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-14615

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15099

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19078

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19071

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19767

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19082

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19965

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16229

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16232

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-18786

Trust: 0.3

url:https://usn.ubuntu.com/4254-1

Trust: 0.2

url:https://usn.ubuntu.com/4287-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20096

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18809

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-7053

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5108

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19077

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19050

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19252

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/362.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/oss-sec/2019/q4/43

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-173.203

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1128.137

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1101.112

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1132.140

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1065.72

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19524

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19332

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18660

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19063

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15291

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19338

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15917

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12614

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19227

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19062

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15917

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19338

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19524

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1072.79

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1053.53

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1071.76

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1060.62

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-88.88~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1052.55

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1055.59

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1055.59

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1060.62~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-88.88

Trust: 0.1

url:https://usn.ubuntu.com/4287-2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19241

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1009.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1013.14~18.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4284-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.3.0-40.32

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1012.13

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19947

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1012.13~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-40.32~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1018.20~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1018.20

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1011.12

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19602

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1010.11

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1024.27~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19079

Trust: 0.1

url:https://usn.ubuntu.com/4258-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1010.15~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1029.30~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1029.30~18.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4254-2

Trust: 0.1

sources: VULMON: CVE-2019-18683 // JVNDB: JVNDB-2019-011718 // PACKETSTORM: 156110 // PACKETSTORM: 155890 // PACKETSTORM: 156422 // PACKETSTORM: 156427 // PACKETSTORM: 156418 // PACKETSTORM: 156125 // PACKETSTORM: 156124 // CNNVD: CNNVD-201911-066 // NVD: CVE-2019-18683

CREDITS

Ubuntu

Trust: 0.6

sources: PACKETSTORM: 156110 // PACKETSTORM: 156422 // PACKETSTORM: 156427 // PACKETSTORM: 156418 // PACKETSTORM: 156125 // PACKETSTORM: 156124

SOURCES

db:VULMONid:CVE-2019-18683
db:JVNDBid:JVNDB-2019-011718
db:PACKETSTORMid:156110
db:PACKETSTORMid:155890
db:PACKETSTORMid:156422
db:PACKETSTORMid:156427
db:PACKETSTORMid:156418
db:PACKETSTORMid:156125
db:PACKETSTORMid:156124
db:CNNVDid:CNNVD-201911-066
db:NVDid:CVE-2019-18683

LAST UPDATE DATE

2024-11-23T20:48:03.327000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2019-18683date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2019-011718date:2019-11-15T00:00:00
db:CNNVDid:CNNVD-201911-066date:2022-04-19T00:00:00
db:NVDid:CVE-2019-18683date:2024-11-21T04:33:31.440

SOURCES RELEASE DATE

db:VULMONid:CVE-2019-18683date:2019-11-04T00:00:00
db:JVNDBid:JVNDB-2019-011718date:2019-11-15T00:00:00
db:PACKETSTORMid:156110date:2020-01-28T15:44:44
db:PACKETSTORMid:155890date:2020-01-09T15:06:22
db:PACKETSTORMid:156422date:2020-02-19T15:27:54
db:PACKETSTORMid:156427date:2020-02-19T15:35:02
db:PACKETSTORMid:156418date:2020-02-19T15:25:33
db:PACKETSTORMid:156125date:2020-01-29T17:15:10
db:PACKETSTORMid:156124date:2020-01-29T17:15:05
db:CNNVDid:CNNVD-201911-066date:2019-11-04T00:00:00
db:NVDid:CVE-2019-18683date:2019-11-04T16:15:11.327