CVE-2019-6974

HIGH

Linux kernel <4.20.8 - Use After Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6974. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a race condition in the KVM subsystem (CVE-2019-6974) where a borrowed reference to a VM object is improperly transferred before being converted to a proper reference, leading to a use-after-free and kernel crash.

Description

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoslinux

https://www.exploit-db.com/exploits/46388

View Code ZIP pw:eip

This exploit demonstrates a race condition in the KVM subsystem (CVE-2019-6974) where a borrowed reference to a VM object is improperly transferred before being converted to a proper reference, leading to a use-after-free and kernel crash.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: Linux Kernel KVM subsystem (versions before the fix)

No auth needed

Prerequisites: Access to /dev/kvm · Ability to execute code on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (28)

Core 28

Core References

Exploit, Mailing List, Patch, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/project-zero/issues/detail?id=1765

Mailing List, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99

Mailing List, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46388/

Mailing List, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8

Exploit, Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9

View Exploit ZIP pw:eip

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/107127

Mailing List, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156

Mailing List, Patch, Vendor Advisory x_refsource_misc

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html