Bug 912341 (CVE-2012-5374) - CVE-2012-5374 kernel (btrfs): DoS (extended runtime of kernel code) via CRC32C hash collisions
Status: CLOSED NOTABUG
Alias: CVE-2012-5374
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Blocks: 912344
Reported: 2013-02-18 13:14 UTC by Jan Lieskovsky
Modified: 2021-02-17 08:02 UTC

Doc Type: Bug Fix
Last Closed: 2014-06-10 04:56:31 UTC



Description Jan Lieskovsky 2013-02-18 13:14:24 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5374 to the following vulnerability:

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.

References:
[1] http://openwall.com/lists/oss-security/2012/12/13/20
[2] http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/
[3] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c52057c698fb96f8f07e7a4bcf4801a092bda89
[4] http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2
[5] https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89

This is a kernel non-issue:
---------------------------
[UPDATE OF 17/12/2012] As several readers of this post have noticed, and I would like to warmly thank them for their feedback, the second attack does NOT generate an infinite loop within the btrfs code, but merely within the bash expansion code which is responsible to expand the command line rm *. This can be seen in the above screenshot, as the CPU is burnt in userland, and not in the kernel. Hence, what I thought to be a complexity attack against the btrfs file system is actually a (less glamorous) complexity attack against bash.

 -> http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/

Comment 2 Doran Moppert 2020-02-11 00:27:57 UTC
Statement:

Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.

