The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c. References: https://bugzilla.kernel.org/show_bug.cgi?id=205609 https://bugzilla.kernel.org/show_bug.cgi?id=205707 Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1786161]
This was fixed for Fedora with the 5.3.15 stable kernel updates.
Mitigation: The mitigation is not to use debug_want_extra_isize parameter when mounting ext4 FS.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2854 https://access.redhat.com/errata/RHSA-2020:2854
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19767
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609