Vulnerability Description
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.10, < 3.16.64 |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 12.04 |
| F5 | Big-Ip Access Policy Manager | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Advanced Firewall Manager | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Analytics | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Application Acceleration Manager | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Application Security Manager | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Edge Gateway | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Fraud Protection Service | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Global Traffic Manager | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Link Controller | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Local Traffic Manager | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Policy Enforcement Manager | >= 13.0.0, <= 13.1.1 |
| F5 | Big-Ip Webaccelerator | >= 13.0.0, <= 13.1.1 |
| Redhat | Openshift Container Platform | 3.11 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 7.5 |
| Redhat | Enterprise Linux Server | 7.0 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa393Mailing ListPatchVendor Advisory
- http://www.securityfocus.com/bid/107127Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2019:0959Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:0818Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:0833Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2809Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3967Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0103Third Party Advisory
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765ExploitMailing ListPatch
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99Mailing ListVendor Advisory
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21Mailing ListVendor Advisory
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8Mailing ListVendor Advisory
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156Mailing ListVendor Advisory
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbcExploitPatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2019-6974?
CVE-2019-6974 is a vulnerability with a CVSS score of 8.1 (HIGH). In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
How severe is CVE-2019-6974?
CVE-2019-6974 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6974?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux, F5 Big-Ip Access Policy Manager, F5 Big-Ip Advanced Firewall Manager.