Race condition in kvm_ioctl_create_device in Linux kernel before 4.20.8 leads to use-after-free vulnerability

Race condition in kvm_ioctl_create_device in Linux kernel before 4.20.8 leads to use-after-free vulnerability

CVE-2019-6974 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.