A use-after-free issue was found in the way the Linux kernel's KVM hypervisor
implements its device control API. While creating a device via
kvm_ioctl_create_device(), the device holds a reference to a VM object;
later this reference is transferred to the caller's file descriptor table.
If such a file descriptor was to be closed, the reference count to the VM
object could become zero, potentially leading to use-after-free.

A user/process could use this flaw to crash the guest VM, resulting in a
DoS issue, or potentially gain privileged access to a system.
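The reference-count hazard described above can be seen in a small userspace model, added here as an illustration and not taken from the kernel or from this report. The struct and function names are hypothetical, and the model assumes the window is that the descriptor becomes closable before the device's VM reference has been counted, an ordering the report itself does not spell out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-ins with hypothetical names; this is not kernel code. */
struct vm { int refs; bool freed; };
struct dev_fd { struct vm *vm; bool open; };

static void vm_get(struct vm *vm) { vm->refs++; }
static void vm_put(struct vm *vm) { if (--vm->refs == 0) vm->freed = true; }

/* Closing the device descriptor drops the VM reference it is meant to own. */
static void fd_close(struct dev_fd *fd) {
    if (fd->open) { fd->open = false; vm_put(fd->vm); }
}

/* Assumed flawed order: descriptor is published before its reference is counted. */
static void create_publish_first(struct vm *vm, struct dev_fd *fd) {
    fd->vm = vm; fd->open = true;   /* visible in the descriptor table */
    fd_close(fd);                   /* constructed race: a second thread closes it now */
    if (vm->freed) return;          /* real code would touch freed memory here */
    vm_get(vm);
}

/* Hardened order: count the reference first, then publish the descriptor. */
static void create_get_first(struct vm *vm, struct dev_fd *fd) {
    vm_get(vm);
    fd->vm = vm; fd->open = true;
    fd_close(fd);                   /* same constructed race, now harmless */
}

/* Returns the VM refcount after the race; 0 means the VM was freed while
 * the caller's own VM descriptor still points at it. */
static int vm_refs_after_race(bool get_first) {
    struct vm vm = { .refs = 1, .freed = false };  /* held by the VM descriptor */
    struct dev_fd fd = { 0 };
    if (get_first) create_get_first(&vm, &fd);
    else create_publish_first(&vm, &fd);
    return vm.refs;
}

int main(void) {
    printf("publish-first: refs=%d\n", vm_refs_after_race(false));
    printf("get-first:     refs=%d\n", vm_refs_after_race(true));
    return 0;
}
```

In the publish-first case the count reaches zero even though the VM's own descriptor is still open, which is the use-after-free condition; taking the reference before the descriptor becomes visible keeps the count at one.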
Name: Jann Horn (Google)
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1673681]