Severity
Medium
Analysis Summary
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a use-after-free.
Impact
Affected Vendors
Oracle
Affected Products
Oracle Linux 7
Remediation
Apply updated packages via the yum or rpm utility.