A NULL pointer dereference flaw was found in F2FS_P_SB in fs/f2fs/f2fs.h in F2FS filesystem exploiting NAND flash memory-based storage device. This flaw could allow an attacker to crash the system or leak internal kernel information. Reference: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815 Upstream commit: https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6#diff-41a7fa4590d2af87e82101f2b4dadb56
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1784921]
This is fixed for Fedora with the 5.3.x kernel rebases.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Statement: There was no shipped kernel version were seen affected with this problem. These files are not built in our source code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19815