CVE-2019-19813

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.0.21

Description The issue is related to a use-after-free in the Linux kernel, specifically when mounting a crafted btrfs filesystem image, performing certain operations, and then making a syncfs system call. This is connected to the functions mutex can spin on owner, btrfs qgroup free meta, and btrfs insert delayed items. The exploitation of this issue can lead to a denial of service.

Recommendations For Linux kernel version 5.0.21, consider applying a patch that fixes the use-after-free issue in the mutex lock function, specifically related to the mutex can spin on owner function in kernel/locking/mutex.c, btrfs qgroup free meta in fs/btrfs/qgroup.c, and btrfs insert delayed items in fs/btrfs/delayed-inode.c. As a temporary workaround, consider restricting the use of the syncfs system call on mounted btrfs filesystem images to minimize the risk of exploitation.