In the Linux kernel before 4.20.8, kvmioctlcreatedevice in virt/kvm/kvmmain.c mishandles reference counting because of a race condition, leading to a use-after-free.
{ "vanir_signatures": [ { "target": { "function": "kvm_ioctl_create_device", "file": "virt/kvm/kvm_main.c" }, "digest": { "length": 1033.0, "function_hash": "245090073911684561429489120973658422485" }, "signature_version": "v1", "source": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9", "id": "CVE-2019-6974-68cb3f8e", "signature_type": "Function", "deprecated": false }, { "target": { "file": "virt/kvm/kvm_main.c" }, "digest": { "line_hashes": [ "156802052307312166678608546755412389583", "307813914771452235654762694264403121533", "289404660143947408267868934291201799498", "320657129973422680520752823267757810976", "220577974984310382025405899733151668436", "216139144152647261486975827502419402169", "195501242291902620476119579317544874005", "124592416377118946771724350266455373562", "338635732848160741738105356242564774532" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@cfa39381173d5f969daf43582c95ad679189cbc9", "id": "CVE-2019-6974-9216ae0a", "signature_type": "Line", "deprecated": false }, { "target": { "function": "kvm_ioctl_create_device", "file": "virt/kvm/kvm_main.c" }, "digest": { "length": 1033.0, "function_hash": "245090073911684561429489120973658422485" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@cfa39381173d5f969daf43582c95ad679189cbc9", "id": "CVE-2019-6974-e29dc8da", "signature_type": "Function", "deprecated": false }, { "target": { "file": "virt/kvm/kvm_main.c" }, "digest": { "line_hashes": [ "156802052307312166678608546755412389583", "307813914771452235654762694264403121533", "289404660143947408267868934291201799498", "320657129973422680520752823267757810976", "220577974984310382025405899733151668436", "216139144152647261486975827502419402169", "195501242291902620476119579317544874005", "124592416377118946771724350266455373562", "338635732848160741738105356242564774532" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9", "id": "CVE-2019-6974-e58ac2c9", "signature_type": "Line", "deprecated": false } ] }