The Linux kernel 5.0.21 contains a use after free vulnerability CVE-2019-19377. The vulnerability documented on 29.11.2019 with a CVE number is currently awaiting analysis.
The following tweet mentions to the vulnerability CVE-2019-19377 in the Linux kernel 5.0.21.
— ZeroSecVulns (@ZeroSecVulns) December 3, 2019
The problem: The Linux kernel 5.0.21 has a use-after-free vulnerability which can be exploited by operations like mounting a prepared btrfs file system image, performing some operations and unmounting. The error is in btrfs_queue_work in fs/btrfs/async-thread.c.