Not to be fixed
Created: Dec 17, 2019
Updated: Nov 2, 2023
Resolved Date: Nov 2, 2023
Found In Version: 10.18.44.1
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Kernel
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
CREATE(Triage):(User=admin) CVE-2019-19813 (https://nvd.nist.gov/vuln/detail/CVE-2019-19813)
