fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. Reference: https://github.com/bobfuzzer/CVE-2019-18885 Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ba3bc9dd150457c506e4661380a6183af651c1
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1775747]
This was fixed for Fedora with the 5.1 kernel rebases.
Statement: The Btrfs was introduced as a Technology Preview in both Red Hat Enterprise Linux 6 and 7 but is currently deprecated and not supported in both Red Hat Enterprise Linux releases.