Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5375 to the following vulnerability: The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value. References: [1] http://openwall.com/lists/oss-security/2012/12/13/20 [2] http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/ [3] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c52057c698fb96f8f07e7a4bcf4801a092bda89 [4] http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2 [5] https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89 This is a kernel non-issue: --------------------------- [UPDATE OF 17/12/2012] As several readers of this post have noticed, and I would like to warmly thank them for their feedback, the second attack does NOT generate an infinite loop within the btrfs code, but merely within the bash expansion code which is responsible to expand the command line rm *. This can be seen in the above screenshot, as the CPU is burnt in userland, and not in the kernel. Hence, what I thought to be a complexity attack against the btrfs file system is actually a (less glamorous) complexity attack against bash. -> http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/
Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.