关键信息 Advisory ID: PRE-SA-2011-06 Release Date: 19 August 2011 Last Updated: 19 August 2011 Affected Products: Linux Kernel 2.4, 2.6, and 3.0 Impact: Denial-of-service Origin: Be file system Credit: Timo Warns (PRESENSE Technologies GmbH) CVE Identifier: CVE-2011-2928 Summary The Linux Kernel contains a vulnerability in the driver for Be file systems that may lead to a kernel oops via a corrupted Be file system. Vulnerability Details In , reads a length attribute for a long symlink from a data stream of a Be file system. The value is not validated and can be 0 on a corrupted file system. This leads to returning a , causing a kernel oops while dereferencing the pointer. Workaround Compile and use a kernel that does not support the Be file system. The corresponding configuration key is . Solution A patch is available at: http://git.kernel.org/linus/338d0f0a6fbc82407864606f5b64b75aeb3c70f2 References The most recent version of this advisory is available at: http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt