Denial of Service Vulnerability in Linux Kernel's befs_follow_link Function

CVE-2011-2928 · MEDIUM Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.
