Description
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6#diff-41a7fa4590d2af87e82101f2b4dadb56
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200103-0001/
Scores
CVSS v3
5.5
EPSS
0.0111
EPSS Percentile
78.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
linux/linux_kernel
5.0.21
Published
Dec 17, 2019
Tracked Since
Feb 18, 2026