active/CVE-2019-19377


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

Description: btrfs: crafted image causes use-after-free in btrfs_queue_work
References:
 https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
Notes:
 carnil> This might affect only 5.4+ stable releases, the fix at least
 carnil> was submitted for those only and addressed in 5.4.33, 5.5.18
 carnil> and 5.6.5 as well. This needs to be verified/confirmed.
 bwh> Apparently fixed along with CVE-2019-19039.
Bugs:
upstream: released (5.7-rc1) [b3ff8f1d380e65dddd772542aa9bff6c86bf715a]
5.10-upstream-stable: N/A "Fixed before branch point"
4.19-upstream-stable: released (4.19.156) [1527c0e0229d2dd1c8ae1e73b1579bd8d5866b5b]
4.9-upstream-stable: needed
3.16-upstream-stable: ignored "EOL"
sid: released (5.6.7-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.160-1)
4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"