SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionIn the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)
An attacker may use this vulnerability to cause a vCMP guest to crash,resulting in a denial-of-service orgain privileged access to the vCMP hypervisor host system. This vulnerability affects only hardware platforms that are vCMP-capable and are provisioned for vCMP. For a list of vCMP capable hardware platforms, refer to K14088: vCMP host and compatible guest version matrix.
BIG-IQ, Enterprise Manager, F5 iWorkflow, Traffix SDC
There is no impact; these F5 products are not affected by this vulnerability.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K11186236.