Linux kernel KVM subsystem vulnerability CVE-2019-6974

2019-04-1916:32:00

support.f5.com

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

91.9%

JSON

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)

Impact

BIG-IP

An attacker may use this vulnerability to cause a vCMP guest to crash, resulting in a denial-of-service or gain privileged access to the vCMP hypervisor host system. This vulnerability affects only hardware platforms that are vCMP-capable and are provisioned for vCMP. For a list of vCMP capable hardware platforms, refer to K14088: vCMP host and compatible guest version matrix.

BIG-IQ, Enterprise Manager, F5 iWorkflow, Traffix SDC

There is no impact; these F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementle6.1.0
big-ip aamle15.1.0
big-ip afmle15.1.0
big-ip analyticsle15.1.0
big-ip apmle15.1.0
big-ip asmle15.1.0
big-ip dnsle15.1.0
big-ip fpsle15.1.0
big-ip gtmle15.1.0
big-ip link controllerle15.1.0

Name	Operator	Version
big-iq centralized management	le	6.1.0
big-ip aam	le	15.1.0
big-ip afm	le	15.1.0
big-ip analytics	le	15.1.0
big-ip apm	le	15.1.0
big-ip asm	le	15.1.0
big-ip dns	le	15.1.0
big-ip fps	le	15.1.0
big-ip gtm	le	15.1.0
big-ip link controller	le	15.1.0