CVE-2019-18683

7.0 HIGH

📋 TL;DR

CVE-2019-18683 is a race condition vulnerability in the Linux kernel's VIVID video driver that can lead to use-after-free conditions. It allows local attackers with /dev/video0 access to potentially escalate privileges on affected systems. The vulnerability only exists when the VIVID driver is loaded, which is not the default on most distributions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel through 5.3.8
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when VIVID driver is loaded and local users have /dev/video0 access. VIVID is a test driver not typically loaded in production systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root, potentially leading to full system compromise and persistence.

🟠 Likely Case

Local privilege escalation for users with video device access, allowing elevation to root privileges.

🟢 If Mitigated

No impact if VIVID driver is not loaded or users lack /dev/video0 access.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access and video device permissions could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access, race condition timing, and specific driver configuration. Proof-of-concept code was published in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.3.9 and later

Vendor Advisory: https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.3.9 or later.
2. Reboot the system to load the patched kernel.
3. Verify the kernel version with 'uname -r'.

🔧 Temporary Workarounds

Unload VIVID driver

Remove the VIVID driver module if it's loaded

sudo rmmod vivid

Blacklist VIVID driver

Prevent VIVID driver from loading at boot

echo 'blacklist vivid' | sudo tee /etc/modprobe.d/blacklist-vivid.conf

Restrict /dev/video0 access

Change permissions on video devices to restrict access

sudo chmod 600 /dev/video0
sudo chown root:root /dev/video0

🧯 If You Can't Patch

  • Unload the VIVID driver module if present
  • Restrict access to /dev/video0 to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check if VIVID driver is loaded: 'lsmod | grep vivid' and check kernel version: 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.3.9 or later: 'uname -r' and ensure VIVID driver is not loaded: 'lsmod | grep vivid'
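
The kernel version, module and device-permission checks on this page can be combined into a single verdict. The script below is an added example, not part of the advisory; its function names and verdict words are illustrative, and it assumes GNU stat and a readable /proc/modules.

```shell
#!/bin/sh
# Added example: one exposure verdict for CVE-2019-18683 from the page's checks.

# True if the upstream part of a `uname -r` string is 5.3.8 or older.
# Caveat: a distribution kernel may carry the fix under an older version.
kernel_is_affected() {
    ver=${1%%-*}                         # 5.3.0-42-generic -> 5.3.0
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    minor=${minor%%[!0-9]*}; minor=${minor:-0}
    patch=${patch%%[!0-9]*}; patch=${patch:-0}
    if [ "$major" -ne 5 ]; then [ "$major" -lt 5 ]; return; fi
    if [ "$minor" -ne 3 ]; then [ "$minor" -lt 3 ]; return; fi
    [ "$patch" -le 8 ]
}

# True if vivid is listed in a /proc/modules-style file (same data as lsmod).
vivid_loaded() {
    grep -q '^vivid ' "${1:-/proc/modules}" 2>/dev/null
}

# True if an octal mode, as printed by `stat -c %a`, has any group/other bit.
mode_allows_non_owner() {
    [ $(( 0$1 & 077 )) -ne 0 ]
}

# assess RELEASE MODULES_FILE MODE OWNER -> prints a one-word verdict.
assess() {
    if ! kernel_is_affected "$1"; then echo patched
    elif ! vivid_loaded "$2"; then echo vivid-not-loaded
    elif mode_allows_non_owner "$3" || [ "$4" != root ]; then echo exposed
    else echo root-only
    fi
}

# Live check; a missing /dev/video0 is treated as root-only (mode 000).
check_host() {
    set -- $(stat -c '%a %U' /dev/video0 2>/dev/null || echo '000 root')
    assess "$(uname -r)" /proc/modules "$1" "$2"
}
check_host
```

A verdict of "exposed" means all three conditions from this page hold at once: kernel 5.3.8 or older, vivid loaded, and /dev/video0 reachable by non-root users.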

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes related to video drivers
  • Unexpected privilege escalation events

Network Indicators:

  • None - local exploitation only

SIEM Query:

Process elevation from non-privileged user to root without legitimate cause
