UBUNTU-CVE-2019-6974

Details

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Affected Packages(34 packages)

linux

Ubuntu 14.04 LTS

Fixed in:

3.13.0-168.218

linux-aws

Ubuntu 14.04 LTS

Fixed in:

4.4.0-1040.43

linux-azure

Ubuntu 14.04 LTS

Fixed in:

4.15.0-1041.45~14.04.1

linux-lts-xenial

Ubuntu 14.04 LTS

Fixed in:

4.4.0-144.170~14.04.1

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-145.171

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1079.89

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1035.37~16.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1041.45

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1029.31~16.04.1

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-47.50~16.04.1

References

REPORT

https://ubuntu.com/security/CVE-2019-6974

ADVISORY

https://ubuntu.com/security/notices/USN-3930-1

ADVISORY

https://ubuntu.com/security/notices/USN-3930-2

ADVISORY

https://ubuntu.com/security/notices/USN-3931-1

ADVISORY

https://ubuntu.com/security/notices/USN-3931-2

ADVISORY

https://ubuntu.com/security/notices/USN-3932-1

ADVISORY

https://ubuntu.com/security/notices/USN-3932-2

ADVISORY

https://ubuntu.com/security/notices/USN-3933-1

ADVISORY

https://ubuntu.com/security/notices/USN-3933-2

REPORT

https://www.cve.org/CVERecord?id=CVE-2019-6974