CVE-2019-6974

Published: Feb 15, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Affected (60)

Products: Linux: Linux Kernel · Debian: Debian Linux · Canonical: Ubuntu Linux · +2 more

Show all products

1 product

1 product

1 product

12 products

Big Ip Access Policy Manager

Big Ip Advanced Firewall Manager

Big Ip Analytics

Big Ip Application Acceleration Manager

Big Ip Application Security Manager

Big Ip Edge Gateway

Big Ip Fraud Protection Service

Big Ip Global Traffic Manager

Big Ip Link Controller

Big Ip Local Traffic Manager

Big Ip Policy Enforcement Manager

Big Ip Webaccelerator

Redhat

9 products

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Openshift Container Platform

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.10 to 3.16.64
Linux Linux Kernel	From 3.17 to 3.18.136
Linux Linux Kernel	From 3.19 to 4.4.176
Linux Linux Kernel	From 4.10 to 4.14.99
Linux Linux Kernel	From 4.15 to 4.19.21
Linux Linux Kernel	From 4.20 to 4.20.8
Linux Linux Kernel	From 4.5 to 4.9.156

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration D

36 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 13.0.0 to 13.1.1
F5 Big Ip Access Policy Manager	From 14.0.0 to 14.1.0
F5 Big Ip Access Policy Manager	From 15.0.0 to 15.1.0
F5 Big Ip Advanced Firewall Manager	From 13.0.0 to 13.1.1
F5 Big Ip Advanced Firewall Manager	From 14.0.0 to 14.1.0
F5 Big Ip Advanced Firewall Manager	From 15.0.0 to 15.1.0
F5 Big Ip Analytics	From 13.0.0 to 13.1.1
F5 Big Ip Analytics	From 14.0.0 to 14.1.0
F5 Big Ip Analytics	From 15.0.0 to 15.1.0
F5 Big Ip Application Acceleration Manager	From 13.0.0 to 13.1.1
F5 Big Ip Application Acceleration Manager	From 14.0.0 to 14.1.0
F5 Big Ip Application Acceleration Manager	From 15.0.0 to 15.1.0
F5 Big Ip Application Security Manager	From 13.0.0 to 13.1.1
F5 Big Ip Application Security Manager	From 14.0.0 to 14.1.0
F5 Big Ip Application Security Manager	From 15.0.0 to 15.1.0
F5 Big Ip Edge Gateway	From 13.0.0 to 13.1.1
F5 Big Ip Edge Gateway	From 14.0.0 to 14.1.0
F5 Big Ip Edge Gateway	From 15.0.0 to 15.1.0
F5 Big Ip Fraud Protection Service	From 13.0.0 to 13.1.1
F5 Big Ip Fraud Protection Service	From 14.0.0 to 14.1.0
F5 Big Ip Fraud Protection Service	From 15.0.0 to 15.1.0
F5 Big Ip Global Traffic Manager	From 13.0.0 to 13.1.1
F5 Big Ip Global Traffic Manager	From 14.0.0 to 14.1.0
F5 Big Ip Global Traffic Manager	From 15.0.0 to 15.1.0
F5 Big Ip Link Controller	From 13.0.0 to 13.1.1
F5 Big Ip Link Controller	From 14.0.0 to 14.1.0
F5 Big Ip Link Controller	From 15.0.0 to 15.1.0
F5 Big Ip Local Traffic Manager	From 13.0.0 to 13.1.1
F5 Big Ip Local Traffic Manager	From 14.0.0 to 14.1.0
F5 Big Ip Local Traffic Manager	From 15.0.0 to 15.1.0
F5 Big Ip Policy Enforcement Manager	From 13.0.0 to 13.1.1
F5 Big Ip Policy Enforcement Manager	From 14.0.0 to 14.1.0
F5 Big Ip Policy Enforcement Manager	From 15.0.0 to 15.1.0
F5 Big Ip Webaccelerator	From 13.0.0 to 13.1.1
F5 Big Ip Webaccelerator	From 14.0.0 to 14.1.0
F5 Big Ip Webaccelerator	From 15.0.0 to 15.1.0

Configuration E

11 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.4
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Openshift Container Platform	Version 3.11

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (56)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

http://www.securityfocus.com/bid/107127

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0959

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0818

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0833

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2809

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3967

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0103

Source: cve@mitre.org

Third Party Advisory

https://bugs.chromium.org/p/project-zero/issues/detail?id=1765

Source: cve@mitre.org

ExploitMailing ListPatchThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99

Source: cve@mitre.org

Mailing ListVendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21

Source: cve@mitre.org

Mailing ListVendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8

Source: cve@mitre.org

Mailing ListVendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156

Source: cve@mitre.org

Mailing ListVendor Advisory

https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://support.f5.com/csp/article/K11186236

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K11186236?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

https://usn.ubuntu.com/3930-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3930-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3931-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3931-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3932-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3932-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3933-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3933-2/

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/46388/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9