In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. A flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation. This flaw is rated as having Moderate impact, there is a possibility that there is a write, although it is an uncontrolled write in a fixed offset from the current location. Also this issue is in non-default filesystem. An issue was discovered in Xen through 4.14.x. Some OSes are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD dom0 are vulnerable. An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring-