I was recently informed on #btrfs that simply attaching a device with the same UUID as an active BTRFS filesystem to a system would cause silent corruption of the active disk. Two questions, since this seems like a fairly serious and potentially CVE-worthy bug (trivial case would seem to be a USB thumbdrive with a purposeful UUID collision used to quietly corrupt data on a system that is otherwise secured): 1.) Is this information correct? 2.) Does https://lkml.org/lkml/2019/2/10/23 offer sufficient protection against a malicious device being attached iff the malicious device is never mounted? Thank you!
