In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-13233 User=admin}