CVE-2012-5375
Published 2013-02-18
Priority: P4 · 16 · medium · 4 · CVSS 2.0
Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 0.86% (53.9th percentile)
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.8-1 (bookworm) | linux 3.8-1 (bookworm) |
| linux | linux_kernel | <= 3.8 | — |
CVSS provenance
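| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.0 | MEDIUM | AV:L/AC:H/Au:N/C:N/I:N/A:C |
| osv | — | 4.0 | MEDIUM | — |
| vendor_debian | — | 4.0 | LOW | — |
| vendor_redhat | — | 4.0 | MEDIUM | — |
| vendor_ubuntu | — | 4.0 | MEDIUM | — |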
GHSA
GHSA-857w-w5qw-hx3x: The CRC32C feature in the Btrfs implementation in the Linux kernel before 3
ghsa_unreviewed·2022-05-17
OSV
CVE-2012-5375: The CRC32C feature in the Btrfs implementation in the Linux kernel before 3
osv·2013-02-18·CVSS 4.0
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2013-11-08·CVSS 4.0
CVE-2012-5374 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service by creating a
large number of files with names that have the same CRC32 hash value.
(CVE-2012-5374)
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service (prevent file
creation) for a victim, by creating a file with a specific CRC32C hash
value in a directory important to the victim. (CVE-2012-5375)
Dan Carpenter discovered an information leak in the HP Smart Array and
Compaq SMART2 disk-array driver in the Linux kernel. A local user could
exploit this flaw to obtain sensitive inf
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-11-08·CVSS 4.0
CVE-2012-5374 [MEDIUM] Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service by creating a
large number of files with names that have the same CRC32 hash value.
(CVE-2012-5374)
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service (prevent file
creation) for a victim, by creating a file with a specific CRC32C hash
value in a directory important to the victim. (CVE-2012-5375)
Dan Carpenter discovered an information leak in the HP Smart Array and
Compaq SMART2 disk-array driver in the Linux kernel. A local user could
exploit this flaw to obtain sensitive information
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities
vendor_ubuntu·2013-09-07·CVSS 4.0
CVE-2012-5374 [MEDIUM] Linux kernel (Quantal HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service by creating a
large number of files with names that have the same CRC32 hash value.
(CVE-2012-5374)
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service (prevent file
creation) for a victim, by creating a file with a specific CRC32C hash
value in a directory important to the victim. (CVE-2012-5375)
Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that
allows for privilege escalation. A local user could exploit this flaw to
run commands as root when using the
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2013-09-06·CVSS 4.0
CVE-2012-5374 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service by creating a
large number of files with names that have the same CRC32 hash value.
(CVE-2012-5374)
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service (prevent file
creation) for a victim, by creating a file with a specific CRC32C hash
value in a directory important to the victim. (CVE-2012-5375)
Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that
allows for privilege escalation. A local user could exploit this flaw to
run commands as root when using the perf
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-09-06·CVSS 4.0
CVE-2012-5374 [MEDIUM] Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service by creating a
large number of files with names that have the same CRC32 hash value.
(CVE-2012-5374)
A denial of service flaw was discovered in the Btrfs file system in the
Linux kernel. A local user could cause a denial of service (prevent file
creation) for a victim, by creating a file with a specific CRC32C hash
value in a directory important to the victim. (CVE-2012-5375)
Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that
allows for privilege escalation. A local user could exploit this flaw to
run commands as root when using the perf tool. (C
Red Hat
(btrfs): DoS (prevention of file creation) by leveraging the ability to write to a directory important for the victim
vendor_redhat·2012-12-13·CVSS 4.0
Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel-rt (Red Hat Enterprise MRG 2) - Not affected
Debian
CVE-2012-5375: linux - The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc...
vendor_debian·2012·CVSS 4.0
Scope: local
bookworm: resolved (fixed in 3.8-1)
bullseye: resolved (fixed in 3.8-1)
forky: resolved (fixed in 3.8-1)
sid: resolved (fixed in 3.8-1)
trixie: resolved (fixed in 3.8-1)
No detection rules found.
http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9c52057c698fb96f8f07e7a4bcf4801a092bda89
http://openwall.com/lists/oss-security/2012/12/13/20
http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2
http://www.ubuntu.com/usn/USN-1944-1
http://www.ubuntu.com/usn/USN-1945-1
http://www.ubuntu.com/usn/USN-1946-1
http://www.ubuntu.com/usn/USN-1947-1
http://www.ubuntu.com/usn/USN-2017-1
https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89
Published: 2013-02-18