[CVE-2011-2928] befs: Validate length of long symbolic links
apw at canonical.com
Tue Sep 13 15:21:23 UTC 2011
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
kernel before 3.1-rc3 does not validate the length attribute
of long symlinks, which allows local users to cause a denial of
service (incorrect pointer dereference and OOPS) by accessing a
long symlink on a malformed Be filesystem.
Following this email are two patch sets, the first a pair of patches for
hardy, the second a patch for lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, natty/ti-omap4, and oneiric/ti-omap4. The hardy patch set consists
of two simple cherry-picks, the additional patch being a related security
fix. The lucid et al set is also a simple cherry-pick from upstream.
Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, natty/ti-omap4, and oneiric/ti-omap4.
More information about the kernel-team