CVE Description: NVD Site Link: https://nvd.nist.gov/vuln/detail?vulnId=CVE-2019-18885 It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). [PATCH v4.19.y 1/2]: Backporting of upsream commit 09ba3bc9dd15: btrfs: merge btrfs_find_device and find_device [PATCH v4.19.y 2/2]: Backporting of upstream commit 62fdaa52a3d0: btrfs: Detect unbalanced tree with empty leaf before crashing On NVD site link of "commit 09ba3bc9dd150457c506e4661380a6183af651c1" was given as the fix for this CVE. But the issue was still reproducible. So had to apply patch "Commit 62fdaa52a3d00a875da771719b6dc537ca79fce1" to fix the issue.