Unrated severityNVD Advisory· Published Aug 29, 2011· Updated Apr 29, 2026

CVE-2011-2928

Description

The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.

Affected products

Linux/Kernel4 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <3.1
- cpe:2.3:o:linux:linux_kernel:3.1:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/8360nvdExploitThird Party Advisory
www.openwall.com/lists/oss-security/2011/08/19/1nvdExploitMailing ListPatchThird Party Advisory
www.openwall.com/lists/oss-security/2011/08/19/5nvdExploitMailing ListPatchThird Party Advisory
www.pre-cert.de/advisories/PRE-SA-2011-06.txtnvdExploitThird Party Advisory
www.securityfocus.com/archive/1/519387/100/0/threadednvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/49256nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/69343nvdThird Party AdvisoryVDB Entry
www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000