4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
5.2%
The CRC32C feature in the Btrfs implementation in the Linux kernel before
3.8-rc1 allows local users to cause a denial of service (extended runtime
of kernel code) by creating many different files whose names are associated
with the same CRC32C hash value.
Author | Note |
---|---|
jdstrand | Per kernel team, patch is too intrusive to backport |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-56.86 | UNKNOWN |
ubuntu | 12.10 | noarch | linux | < 3.5.0-40.62 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1627.39 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-armadaxp | < 3.5.0-1621.29 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-40.62~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1440.59 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-ti-omap4 | < 3.5.0-232.48 | UNKNOWN |
ubuntu | 13.04 | noarch | linux-ti-omap4 | < 3.5.0-232.48 | UNKNOWN |
crypto.junod.info/2012/12/13/hash-dos-and-btrfs/
www.openwall.com/lists/oss-security/2012/12/13/20
launchpad.net/bugs/cve/CVE-2012-5374
nvd.nist.gov/vuln/detail/CVE-2012-5374
security-tracker.debian.org/tracker/CVE-2012-5374
ubuntu.com/security/notices/USN-1944-1
ubuntu.com/security/notices/USN-1945-1
ubuntu.com/security/notices/USN-1946-1
ubuntu.com/security/notices/USN-1947-1
ubuntu.com/security/notices/USN-2017-1
ubuntu.com/security/notices/USN-2018-1
www.cve.org/CVERecord?id=CVE-2012-5374