UBUNTU-CVE-2019-19813
Vulnerability Summary
Timeline
Description
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Systems
- ubuntu•linux
all | < 4.4.0-201.233 | < 4.15.0-109.110
- ubuntu•linux-aws
< 4.4.0-1085.89 | < 4.4.0-1121.135 | < 4.15.0-1077.81
- ubuntu•linux-aws-5.0
all
- ubuntu•linux-aws-fips
< 4.15.0-2022.22 | all
- ubuntu•linux-aws-hwe
< 4.15.0-1079.83~16.04.1
- ubuntu•linux-azure
< 4.15.0-1091.101~14.04.1 | < 4.15.0-1091.101~16.04.1 | all
- ubuntu•linux-azure-4.15
< 4.15.0-1091.101
- ubuntu•linux-azure-edge
all
- ubuntu•linux-azure-fde
all
- ubuntu•linux-azure-fde-5.15
all
- ubuntu•linux-azure-fips
< 4.15.0-2006.7 | all
- ubuntu•linux-bluefield
all
- ubuntu•linux-fips
< 4.4.0-1055.61 | all | < 4.15.0-1037.42
- ubuntu•linux-gcp
< 4.15.0-1080.90~16.04.1 | all
- ubuntu•linux-gcp-4.15
< 4.15.0-1080.90
- ubuntu•linux-gcp-edge
all
- ubuntu•linux-gcp-fips
all
- ubuntu•linux-gke
all
- ubuntu•linux-gke-4.15
< 4.15.0-1066.69
- ubuntu•linux-hwe
< 4.15.0-112.113~16.04.1 | < 5.3.0-26.28~18.04.1
- ubuntu•linux-hwe-edge
all | < 5.3.0-19.20~18.04.2
- ubuntu•linux-intel-iot-realtime
all
- ubuntu•linux-kvm
< 4.4.0-1087.96 | < 4.15.0-1069.70
- ubuntu•linux-lts-xenial
< 4.4.0-201.233~14.04.1
- ubuntu•linux-nvidia
all
- ubuntu•linux-oem
< 4.15.0-1091.101
- ubuntu•linux-oracle
< 4.15.0-1050.54~16.04.1 | < 4.15.0-1048.52
- ubuntu•linux-oracle-5.0
all
- ubuntu•linux-raspi-realtime
all
- ubuntu•linux-raspi2
< 4.4.0-1145.155 | < 4.15.0-1065.69 | all
- ubuntu•linux-realtime
all
- ubuntu•linux-riscv
all
- ubuntu•linux-snapdragon
< 4.4.0-1149.159 | < 4.15.0-1083.91