A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
An upstream fix:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1596774]
This is fixed for Fedora with the 4.17.6 stable kernel update
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:0525 https://access.redhat.com/errata/RHSA-2019:0525