PT-2019-4696 · Linux+3 · Linux Kernel+3

Published 2019-06-21 · Updated 2025-09-29 · CVE-2019-19318

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel version 5.3.11

Description

The issue is a use-after-free in the rwsem_down_write_slowpath function, specifically in the rwsem_can_spin_on_owner function within kernel/locking/rwsem.c. It occurs when a crafted btrfs image is mounted twice, which causes rwsem_owner_flags to return an already freed pointer. Exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations

For Linux kernel version 5.3.11, apply a patch that fixes the use-after-free in the rwsem_down_write_slowpath function as the permanent solution. As a temporary workaround, restrict the mounting of crafted btrfs images to minimize the risk of exploitation.

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2019-2120
ALT-PU-2019-2311
ALT-PU-2019-3180
ALT-PU-2019-3268
BDU:2020-01077
CVE-2019-19318
DLA-2586-1
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0558-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0580-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0605-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1663-1
USN-4414-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu