The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
[ { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@ecec76885bcfe3294685dc363fd1273df0d5d65f", "signature_version": "v1", "target": { "file": "arch/x86/kvm/vmx/nested.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "39718693755301201889729462457271708969", "296791177688928073771379381847632426913", "52113076838268710151677013931203781363" ] }, "id": "CVE-2019-7221-2f9fe97e" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@ecec76885bcfe3294685dc363fd1273df0d5d65f", "signature_version": "v1", "target": { "function": "free_nested", "file": "arch/x86/kvm/vmx/nested.c" }, "digest": { "function_hash": "308490949393158356857261031983107602386", "length": 1211.0 }, "id": "CVE-2019-7221-67fe9bb5" } ]