{"id":"CVE-2019-18675","details":"The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.","modified":"2026-03-15T22:27:57.910028Z","published":"2019-11-25T14:15:12.100Z","related":["SUSE-SU-2020:1255-1","SUSE-SU-2020:1275-1","SUSE-SU-2020:14354-1"],"references":[{"type":"ADVISORY","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/usb/cpia2/cpia2_core.c"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200103-0001/"},{"type":"ADVISORY","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429"},{"type":"EVIDENCE","url":"https://deshal3v.github.io/blog/kernel-research/mmap_exploitation"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.16.60"}]},{"events":[{"introduced":"3.17"},{"fixed":"3.18.113"}]},{"events":[{"introduced":"3.19"},{"fixed":"4.4.137"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.108"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.49"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.16.15"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18675.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}