A flaw was found in the Linux kernel's BTRFS implementation, where a local privileged attacker can mount a crafted BTRFS disk or image, modify files from the mount point, and then sync() the disk image. During the syncfs procedure, the kernel attempts to consolidate free space and triggers a use-after-free while rebalancing an in-memory red-black tree.
This could lead to memory corruption, kernel panic and possibly privilege escalation.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1781675]
This flaw is rated as Moderate, as it requires above-normal user privileges to mount and unmount a BTRFS filesystem in a server environment.
As the BTRFS module is auto-loaded when required, autoloading can be prevented by disabling the module; see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
If the system requires this filesystem to work correctly, this mitigation may not be suitable.
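A pre-check for the mitigation, as an added example that is not part of the original report or the KCS article: it tests whether a host mounts or configures BTRFS before the module is disabled, then prints the standard modprobe.d directives. The function names and sample data are constructed for illustration; on a real host pass `/proc/mounts`, `/etc/fstab` and `/proc/modules`, and save the directives to a file of your choosing under `/etc/modprobe.d/`.

```shell
#!/bin/sh
# Added example: decide whether btrfs can be disabled on a host, then emit
# the modprobe.d lines. Inputs are file paths so the logic can be run on
# constructed samples as well as on the live /proc and /etc files.

# Mount points of btrfs entries; field 3 is the fs type in both
# /proc/mounts and /etc/fstab. Commented-out lines are skipped.
btrfs_entries() {
    awk '$1 !~ /^#/ && $3 == "btrfs" { print $2 }' "$1"
}

# "in-use": btrfs is mounted or configured, so the mitigation is unsuitable
# "loaded": module is resident but unused; unload it after blocking it
# "safe"  : nothing on this host depends on btrfs
btrfs_status() {  # args: mounts-file fstab-file modules-file
    if [ -n "$(btrfs_entries "$1")" ] || [ -n "$(btrfs_entries "$2")" ]; then
        echo "in-use"
    elif grep -q '^btrfs ' "$3"; then
        echo "loaded"
    else
        echo "safe"
    fi
}

# blacklist: modprobe ignores the module's aliases (the autoload path).
# install:   modprobe runs /bin/false instead of loading the module.
modprobe_conf() {
    printf 'blacklist btrfs\ninstall btrfs /bin/false\n'
}

# Constructed sample input: host A has a btrfs data volume, host B does not.
demo() {
    d=$(mktemp -d) || return 1
    printf '/dev/sda1 / xfs rw 0 0\n/dev/sdb1 /data btrfs rw 0 0\n' > "$d/mounts_a"
    printf '/dev/sda1 / xfs rw 0 0\n' > "$d/mounts_b"
    printf '# /dev/sdc1 /old btrfs defaults 0 0\nUUID=x / xfs defaults 0 0\n' > "$d/fstab"
    printf 'xfs 1500000 1 - Live 0x0\n' > "$d/modules"
    echo "host A: $(btrfs_status "$d/mounts_a" "$d/fstab" "$d/modules")"
    echo "host B: $(btrfs_status "$d/mounts_b" "$d/fstab" "$d/modules")"
    modprobe_conf
    rm -rf "$d"
}
demo
```

A "loaded" result means the directives alone are not enough until the resident module is removed or the host is rebooted.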