fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
{ "urgency": "not yet assigned" }