The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "39718693755301201889729462457271708969", "296791177688928073771379381847632426913", "52113076838268710151677013931203781363" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@ecec76885bcfe3294685dc363fd1273df0d5d65f", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "id": "CVE-2019-7221-2f9fe97e", "target": { "file": "arch/x86/kvm/vmx/nested.c" } }, { "digest": { "function_hash": "308490949393158356857261031983107602386", "length": 1211.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@ecec76885bcfe3294685dc363fd1273df0d5d65f", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2019-7221-67fe9bb5", "target": { "function": "free_nested", "file": "arch/x86/kvm/vmx/nested.c" } } ] }