Fixed
Created: Feb 14, 2019
Updated: May 21, 2019
Resolved Date: Apr 2, 2019
Found In Version: 7.0.0.30
Fix Version: 7.0.0.30
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Kernel
A use after free issue was found in the way Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), device holds a reference to a VM object, latter this reference is transferred to caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to use-after-free issue latter.
https://nvd.nist.gov/vuln/detail/CVE-2019-6974