On Tue, Jun 09, 2020 at 12:20:16PM +0530, Vikash Bansal wrote: > CVE Description: > NVD Site Link: https://nvd.nist.gov/vuln/detail?vulnId=CVE-2019-18885 > > It was discovered that the btrfs file system in the Linux kernel did not > properly validate metadata, leading to a NULL pointer dereference. An > attacker could use this to specially craft a file system image that, when > mounted, could cause a denial of service (system crash). > > [PATCH v4.19.y 1/2]: > Backporting of upsream commit 09ba3bc9dd15: > btrfs: merge btrfs_find_device and find_device > > [PATCH v4.19.y 2/2]: > Backporting of upstream commit 62fdaa52a3d0: > btrfs: Detect unbalanced tree with empty leaf before crashing > > On NVD site link of "commit 09ba3bc9dd150457c506e4661380a6183af651c1" > was given as the fix for this CVE. But the issue was still reproducible. > So had to apply patch "Commit 62fdaa52a3d00a875da771719b6dc537ca79fce1" > to fix the issue. Looks good, now queued up,t hanks. greg k-h
