Recommend disabling VIDEO_VIVID

The vivid driver is for testing. It doesn't require any special hardware.
It is shipped in Ubuntu, Debian, Arch Linux, SUSE Linux Enterprise and openSUSE.
On Ubuntu the devices created by this driver are available to the normal user,
since Ubuntu applies RW ACL when the user is logged in.

See the disclosure of CVE-2019-18683 which I've found and fixed in vivid driver:
https://www.openwall.com/lists/oss-security/2019/11/02/1

README.md

@@ -178,9 +178,10 @@ CONFIG_IP_DCCP                               | is not set  |    my    | cut_atta
 CONFIG_IP_SCTP                               | is not set  |    my    | cut_attack_surface |   FAIL: "m"
 CONFIG_FTRACE                                | is not set  |    my    | cut_attack_surface |   FAIL: "y"
 CONFIG_BPF_JIT                               | is not set  |    my    | cut_attack_surface |   FAIL: "y"
+CONFIG_VIDEO_VIVID                           | is not set  |    my    | cut_attack_surface |   FAIL: "m"
 CONFIG_ARCH_MMAP_RND_BITS                    |     32      |  clipos  |userspace_hardening |   FAIL: "28"
 
-[+] config check is finished: 'OK' - 49 / 'FAIL' - 76
+[+] config check is finished: 'OK' - 49 / 'FAIL' - 77
 ```
 
 ## kconfig-hardened-check versioning

kconfig-hardened-check.py

@@ -380,6 +380,7 @@ def construct_checklist(checklist, arch):
     checklist.append(OptCheck('IP_SCTP',              'is not set', 'my', 'cut_attack_surface'))
     checklist.append(OptCheck('FTRACE',               'is not set', 'my', 'cut_attack_surface'))
     checklist.append(OptCheck('BPF_JIT',              'is not set', 'my', 'cut_attack_surface'))
+    checklist.append(OptCheck('VIDEO_VIVID',          'is not set', 'my', 'cut_attack_surface'))
     if debug_mode or arch == 'X86_32':
         checklist.append(OptCheck('MODIFY_LDT_SYSCALL',   'is not set', 'my', 'cut_attack_surface'))