redhat官方给出的方案：
CVSS2 score of important, 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Note that the CVSS 'access vector' is set to AV:L as this is a vulnerability
exploitable with only local access.

Mitigation:
It is possible to mitigate this flaw by blacklisting the affected protocols.
Note that this is not an exhaustive list of modules to blacklist, but this
should prevent the publicly circulated exploit from working properly as this is
the list of protocols (relevant to RHEL) known to be affected.

** Ensure that the module is not already loaded, if not, these mitigation steps
will not work.

** We have used the 'install' command to direct the system to run '/bin/true'
instead of actually inserting the kernel module if it is called.

** On Red Hat Enterprise Linux 3, add this entry to the end of the
/etc/modules.conf file:

install bluez /bin/true

Note that the bluez module is from the kernel-unsupported package. If you do
not have this package installed, then you do not have this module.

** On Red Hat Enterprise Linux 4 and 5, add these entries to the end of the
/etc/modprobe.conf file:

install pppox /bin/true
install bluetooth /bin/true
install sctp /bin/true

Note that the sctp module cannot be unloaded in the running kernel if it is
already loaded. You will need to make the changes in the /etc/modprobe.conf
file and do a reboot.

** On Red Hat Enterprise MRG, add these entries to the end of the
/etc/modprobe.conf file:

install pppox /bin/true
install bluetooth /bin/true
install appletalk /bin/true
install ipx /bin/true
install sctp /bin/true

"经测试各种系统都有问题，即使开启了SELinux了也不行。"

这个漏洞就是SELinux的漏洞 不开启不会利用成功
最好还是kernel noexec :P