Race condition in kvm_ioctl_create_device in Linux kernel before 4.20.8 leads to use-after-free vulnerability
CVE-2019-6974 · HIGH Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.