CVE-2019-19448

Published: 12/8/2019 Last updated: 8/5/2024 Reserved: 11/29/2019

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
n/a	n/a	<= 6.13.*

References (12)

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://usn.ubuntu.com/4578-1/
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
https://security.netapp.com/advisory/ntap-20200103-0001/
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://usn.ubuntu.com/4578-1/
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
https://security.netapp.com/advisory/ntap-20200103-0001/