CVE-2012-5375

Linux kernel < 3.8 - Denial of Service via Btrfs CRC32C Hash Collision

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5375. PoCs published by Pascal Junod.

AI-analyzed exploit summary This exploit leverages a CRC32 collision vulnerability in the Linux kernel to trigger an infinite loop, causing a local denial-of-service (DoS). The code generates malformed filenames with forged CRC32 values to exploit the flaw.

Description

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pascal Junod · pythondoslinux

https://www.exploit-db.com/exploits/38132

View Code ZIP pw:eip

This exploit leverages a CRC32 collision vulnerability in the Linux kernel to trigger an infinite loop, causing a local denial-of-service (DoS). The code generates malformed filenames with forged CRC32 values to exploit the flaw.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2012-5375)

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK