CVE-2012-5374

Published: 18 February 2013

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.

From the Ubuntu security team

A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by 39279cc3d2704cfbf9c35dcb5bdd392159ae4625
Fixed by 9c52057c698fb96f8f07e7a4bcf4801a092bda89
linux-armadaxp
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-grouper
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [see note])
linux-linaro-omap
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-maguro
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [see note])
linux-mako
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-manta
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [was needed now end-of-life])
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (3.8~rc1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
jdstrand 
Per kernel team, patch is too intrusive to backport

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading