(https://nvd.nist.gov/vuln/detail/CVE-2019-6974): In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Gentoo Security Padawan (domhnall)
Fixed in 4.9.156, 4.9.156, 4.14.99, 4.19.21.