A vulnerability was found in ext4_empty_dir in fs/ext4/namei.c in the Linux kernel allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. Reference: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1775183]
This is fixed for Fedora with the 5.4.7 stable kernel updates.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Statement: This issue is rated as having Low impact because of the preconditions needed to trigger the issue (physical access or user interaction to mount the crafted filesystem image).