The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-25T13:44:26
Updated: 2024-08-05T01:54:14.592Z
Reserved: 2019-11-03T00:00:00
Link: CVE-2019-18675
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-25T14:15:12.100
Modified: 2023-02-24T18:42:44.487
Link: CVE-2019-18675
Redhat