CVE-2019-19377

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.0.21

Description The issue is related to a use-after-free vulnerability in the btrfs queue work function, located in the fs/btrfs/async-thread.c file. This vulnerability can be exploited by mounting a crafted btrfs filesystem image, performing certain operations, and then unmounting it. The exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel version 5.0.21, consider applying a patch or updating to a newer version that addresses this issue. As a temporary workaround, restrict access to the btrfs queue work function in the fs/btrfs/async-thread.c file to minimize the risk of exploitation. Avoid mounting crafted btrfs filesystem images and performing operations that may trigger the use-after-free vulnerability until a patch is available.