Race condition in Linux kernel - CVE-2019-6974

Vulnerability identifier: #VU17555

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2019-6974

CWE-ID: CWE-362

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

The vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition.

The weakness exists due to exists due to a race condition that causes the kvm_ioctl_create_device function, as defined in the virt/kvm/kvm_main.c source code file of the affected software, to improperly handle reference counting. An adjacent attacker can access the system and execute an application that submits malicious input, trigger a use-after-free condition and cause a targeted guest virtual machine to crash, resulting in a DoS condition. In addition, a successful exploit could allow the attacker to gain elevated privileges on a targeted system. 

The vulnerability has been addressed in the versions 4.9.156, 4.14.99, 4.19.21, 4.20.8.

• https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
• https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
• https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
• https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
• https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
• https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.176