In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)
Impact
BIG-IP
An attacker may use this vulnerability to cause a vCMP guest to crash, resulting in a denial-of-service or gain privileged access to the vCMP hypervisor host system. This vulnerability affects only hardware platforms that are vCMP-capable and are provisioned for vCMP. For a list of vCMP capable hardware platforms, refer to K14088: vCMP host and compatible guest version matrix.
BIG-IQ, Enterprise Manager, F5 iWorkflow, Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.