APPLIED: [CVE-2011-2928] befs: Validate length of long symbolic links

Tim Gardner tim.gardner at canonical.com
Tue Sep 13 15:35:31 UTC 2011


On 09/13/2011 09:21 AM, Andy Whitcroft wrote:
> CVE-2011-2928
> 	The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
> 	kernel before 3.1-rc3 does not validate the length attribute
> 	of long symlinks, which allows local users to cause a denial of
> 	service (incorrect pointer dereference and OOPS) by accessing a
> 	long symlink on a malformed Be filesystem.
>
> Following this email are two patch sets, the first a pair of patches for
> hardy, the second a patch for lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap4, and oneiric/ti-omap4.  The hardy patch set consists
> of two simple cherry-picks, the additional patch being a related security
> fix.  The lucid et al set is also a simple cherry-pick from upstream.
>
> Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap4, and oneiric/ti-omap4.
>
> -apw
>


-- 
Tim Gardner tim.gardner at canonical.com




More information about the kernel-team mailing list