APPLIED: [CVE-2011-2928] befs: Validate length of long symbolic links
tim.gardner at canonical.com
Tue Sep 13 15:35:31 UTC 2011
On 09/13/2011 09:21 AM, Andy Whitcroft wrote:
> The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
> kernel before 3.1-rc3 does not validate the length attribute
> of long symlinks, which allows local users to cause a denial of
> service (incorrect pointer dereference and OOPS) by accessing a
> long symlink on a malformed Be filesystem.
> Following this email are two patch sets, the first a pair of patches for
> hardy, the second a patch for lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap4, and oneiric/ti-omap4. The hardy patch set consists
> of two simple cherry-picks, the additional patch being a related security
> fix. The lucid et al set is also a simple cherry-pick from upstream.
> Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap4, and oneiric/ti-omap4.
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team