Linux Kernel before 4.20.8 kvm_ioctl_create_device Use-After-Free Vulnerability – Feb 2019

Preface: Linus Torvalds, he is the principal developer of the Linux kernel. Many Linux distributions and operating systems are based on Linus Torvalds design foundation.

Synopsis: The module (virt/kvm/kvm_main.c) enables machines with Intel VT-x extensions to run virtual machines without emulation or binary translation. The module (virt/kvm/kvm_main.c) enables machines with Intel VT-x extensions to run virtual machines without emulation or binary translation. However a vulnerability occurs in the kvm_ioctl_create_device function of the Linux Kernel.

Details: The vulnerability exists due to a race condition that causes the kvm_ioctl_create_device function.
Affected software: kvm_main.c source code file

Impact: A successful exploit could trigger a use-after-free condition vulnerability. Thus causes the targeted virtual machine crash ( DoS condition). Besides, a successful exploit could allow the attacker to gain elevated privileges on a targeted system.

Remedy action: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9