Linux kernel through 5.3.8 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) Vulnerability


These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.





The information has been provided by Alexander Popov

The original article can be found at:



An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). 


Vulnerable Systems:

Linux kernel through 5.3.8 


CVE Information:



Disclosure Timeline:
Published Date:11/4/2019