CVE-2019-6974: In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a…

high8.1CVSS 3.1

AVNACHPRNUINSUCHIHAH

EXPLOIT

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Affected

68 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	linux	< linux 4.19.20-1 (bookworm)	linux 4.19.20-1 (bookworm)
f5	big-ip_access_policy_manager	13.0.0 – 13.1.1	—
f5	big-ip_access_policy_manager	14.0.0 – 14.1.0	—
f5	big-ip_access_policy_manager	>= 15.0.0 < 15.1.0	15.1.0
f5	big-ip_advanced_firewall_manager	13.0.0 – 13.1.1	—
f5	big-ip_advanced_firewall_manager	14.0.0 – 14.1.0	—
f5	big-ip_advanced_firewall_manager	>= 15.0.0 < 15.1.0	15.1.0
f5	big-ip_analytics	13.0.0 – 13.1.1	—
f5	big-ip_analytics	14.0.0 – 14.1.0	—
f5	big-ip_analytics	>= 15.0.0 < 15.1.0	15.1.0
f5	big-ip_application_acceleration_manager	13.0.0 – 13.1.1	—
f5	big-ip_application_acceleration_manager	14.0.0 – 14.1.0	—
f5	big-ip_application_acceleration_manager	>= 15.0.0 < 15.1.0	15.1.0
f5	big-ip_application_security_manager	13.0.0 – 13.1.1	—
f5	big-ip_application_security_manager	14.0.0 – 14.1.0	—
f5	big-ip_application_security_manager	>= 15.0.0 < 15.1.0	15.1.0
f5	big-ip_edge_gateway	13.0.0 – 13.1.1	—
f5	big-ip_edge_gateway	14.0.0 – 14.1.0	—
f5	big-ip_edge_gateway	>= 15.0.0 < 15.1.0	15.1.0

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

osv8.1HIGH