CVE-2019-6974 - Vulncode-DB

CVE-2019-6974 (NVD)

2019-02-15

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Products	Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform
Type	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) Use After Free (CWE-416)
First patch	https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
Patches	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
Relevant file/s	./virt/kvm/kvm_main.c (modified, +2, -1)
Links	• https://usn.ubuntu.com/3932-1/ • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8 • https://access.redhat.com/errata/RHSA-2019:0833 • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156 • https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html More/Less (21) • https://access.redhat.com/errata/RHSA-2019:2809 • https://access.redhat.com/errata/RHSA-2020:0103 • https://usn.ubuntu.com/3933-1/ • https://usn.ubuntu.com/3931-2/ • https://usn.ubuntu.com/3930-1/ • https://access.redhat.com/errata/RHSA-2019:0818 • https://access.redhat.com/errata/RHSA-2019:3967 • https://usn.ubuntu.com/3931-1/ • https://usn.ubuntu.com/3932-2/ • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21 • http://www.securityfocus.com/bid/107127 • https://usn.ubuntu.com/3930-2/ • https://support.f5.com/csp/article/K11186236?utm_source=f5support&amp%3Butm_medium=RSS • https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html • https://access.redhat.com/errata/RHBA-2019:0959 • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99 • https://www.exploit-db.com/exploits/46388/ • https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html • https://support.f5.com/csp/article/K11186236 • https://usn.ubuntu.com/3933-2/ • https://bugs.chromium.org/p/project-zero/issues/detail?id=1765

linux - Tree: cfa3938117

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: