Vulnerability identifier: #VU17555
Vulnerability risk: Low
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local (requires the ability to run code on the host with access to a KVM VM file descriptor)
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local attacker (a user or process on the host that can open a KVM virtual machine file descriptor) to gain elevated privileges or cause a denial of service (DoS) condition.
The weakness exists due to a race condition in the kvm_ioctl_create_device function, defined in the virt/kvm/kvm_main.c source code file of the affected software, which mishandles reference counting: the function installs the new device's file descriptor into the caller's file-descriptor table (anon_inode_getfd) before taking its own reference on the VM object (kvm_get_kvm), so during that window the device holds only a borrowed reference. An attacker who can issue the KVM_CREATE_DEVICE ioctl on a VM file descriptor can close the returned descriptor from a second thread before the reference is taken; the device release path then drops a reference the device never owned, which can free the VM object while the ioctl is still using it. The resulting use-after-free can crash the kernel, and with it the targeted guest virtual machine (DoS), and a successful exploit could allow the attacker to gain elevated privileges on the host.
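The ordering bug behind this race, as an added userspace model that is not kernel code and not part of the advisory: struct vm, struct device and fd_table stand in for struct kvm, struct kvm_device and the process file-descriptor table; a freed flag stands in for the real kfree() so the use-after-free is detected instead of triggered; and the racing close() is scheduled deterministically inside the window rather than from a second thread. create_device() runs either the original order (publish the fd, then take the reference) or the order from the linked fix (take the reference first, and drop it again on the failure path).

```c
/* Added model of the kvm_ioctl_create_device() ordering bug; all names are
 * userspace stand-ins for the kernel objects, not the kernel's own code. */
#include <stdio.h>
#include <stdlib.h>

struct vm {
    int refcount;  /* stand-in for kvm->users_count; the VM fd owns one reference */
    int freed;     /* set when the last reference drops, i.e. kvm_destroy_vm() ran */
};

struct device {
    struct vm *vm; /* borrowed pointer until the create path takes its own reference */
};

#define FD_TABLE_SIZE 4
static struct device *fd_table[FD_TABLE_SIZE];

/* kvm_get_kvm(): fails if the object was already destroyed (a use-after-free). */
static int vm_get(struct vm *vm)
{
    if (vm->freed)
        return -1;
    vm->refcount++;
    return 0;
}

/* kvm_put_kvm(): dropping the last reference destroys the VM. */
static int vm_put(struct vm *vm)
{
    if (vm->freed)
        return -1;
    if (--vm->refcount == 0)
        vm->freed = 1;
    return 0;
}

/* anon_inode_getfd(): publish the device in the fd table. From this point
 * any thread in the process can close() the descriptor. */
static int install_fd(struct device *dev)
{
    for (int fd = 0; fd < FD_TABLE_SIZE; fd++) {
        if (!fd_table[fd]) {
            fd_table[fd] = dev;
            return fd;
        }
    }
    return -1;
}

/* kvm_device_release(): the device drops "its" reference on the VM, whether
 * or not the create path has actually taken one yet. */
static int close_fd(int fd)
{
    struct device *dev = fd_table[fd];
    if (!dev)
        return -1;
    fd_table[fd] = NULL;
    int rc = vm_put(dev->vm);
    free(dev);
    return rc;
}

/* Model of kvm_ioctl_create_device(). fixed == 0: reference taken after the fd
 * is published (the buggy order). fixed == 1: reference taken before, and
 * dropped again if publishing fails, as in the upstream fix. race == 1 runs
 * the attacker's close() inside the window, standing in for the racing thread.
 * Returns 0 on success, -1 on failure or on touching a destroyed VM. */
static int create_device(struct vm *vm, int fixed, int race)
{
    struct device *dev = calloc(1, sizeof(*dev));
    if (!dev)
        return -1;
    dev->vm = vm;
    if (fixed && vm_get(vm) < 0) {
        free(dev);
        return -1;
    }
    int fd = install_fd(dev);
    if (fd < 0) {
        if (fixed)
            vm_put(vm);
        free(dev);
        return -1;
    }
    if (race)
        close_fd(fd);          /* the window: a second thread closes the new fd */
    if (!fixed)
        return vm_get(vm);     /* bug: the VM may already be gone */
    return 0;
}

/* One scenario on a fresh VM whose only reference is its VM fd. Returns
 *   0  create succeeded and the VM is intact with exactly the VM fd's reference,
 *   1  the VM was destroyed while the VM fd still refers to it (use-after-free),
 *   2  anything else. */
static int run_scenario(int fixed, int race)
{
    struct vm vm = { .refcount = 1, .freed = 0 };
    for (int i = 0; i < FD_TABLE_SIZE; i++)
        fd_table[i] = NULL;
    int rc = create_device(&vm, fixed, race);
    for (int i = 0; i < FD_TABLE_SIZE; i++)   /* process exit closes leftovers */
        if (fd_table[i])
            close_fd(i);
    if (vm.freed)
        return 1;
    return (rc == 0 && vm.refcount == 1) ? 0 : 2;
}

int main(void)
{
    printf("buggy order, no race: %d\n", run_scenario(0, 0));
    printf("buggy order, race:    %d\n", run_scenario(0, 1));
    printf("fixed order, race:    %d\n", run_scenario(1, 1));
    return 0;
}
```

Only the buggy order with the close() landing in the window reports code 1: the VM's count drops from the VM fd's single reference to zero, so the object is destroyed while the VM fd, and the ioctl itself, still point at it. Taking the reference before anon_inode_getfd() makes the early close harmless, because the device then really owns the reference it releases.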
Mitigation
The vulnerability has been addressed in versions 4.4.176, 4.9.156, 4.14.99, 4.19.21 and 4.20.8 (see the linked kernel.org changelogs). The fix is commit cfa39381173d5f969daf43582c95ad679189cbc9, which takes the reference on the VM object before installing the device file descriptor and drops it again if installing the descriptor fails.
Vulnerable software versions
Linux kernel: 4.4 - 4.4.175, 4.9 - 4.9.155, 4.14.0 rc1 - 4.19.20, 4.20 rc5 - 4.20.7
External links
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.176
Can this vulnerability be exploited remotely?
No. Triggering the race requires running code on the host that can open a KVM virtual machine file descriptor and issue the KVM_CREATE_DEVICE ioctl, with a second thread closing the returned descriptor inside the window; the flaw is not reachable over the network on its own.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.