Cryptographic issues in Linux kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2012-5375 |
| CWE-ID | CWE-310 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Cryptographic issues
EUVDB-ID: #VU43083
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2012-5375
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.0 - 3.7.9
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.0.9:*:*:*:*:*:*:*
https://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c52057c698fb96f8f07e7a4bcf4801a092bda89
https://openwall.com/lists/oss-security/2012/12/13/20
https://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2
https://www.ubuntu.com/usn/USN-1944-1
https://www.ubuntu.com/usn/USN-1945-1
https://www.ubuntu.com/usn/USN-1946-1
https://www.ubuntu.com/usn/USN-1947-1
https://www.ubuntu.com/usn/USN-2017-1
https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
