Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.9
CVE Id CVE-2014-8159
Last Modified 03 Jun 2015 10:00:42
Published 16 Mar 2015 06:59:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8159

Summary

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.32

  • Red Hat Enterprise Linux 6


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1181166

UBUNTU - USN-2530-1

UBUNTU - USN-2529-1

UBUNTU - USN-2528-1

UBUNTU - USN-2527-1

UBUNTU - USN-2526-1

UBUNTU - USN-2525-1

REDHAT - RHSA-2015:0674

REDHAT - RHSA-2015:0695

FEDORA - FEDORA-2015-4066

REDHAT - RHSA-2015:0726

REDHAT - RHSA-2015:0751

REDHAT - RHSA-2015:0783

REDHAT - RHSA-2015:0782

REDHAT - RHSA-2015:0803

SECTRACK - 1032224

REDHAT - RHSA-2015:0919

BID - 73060

DEBIAN - DSA-3237

Related Patches

Novell SUSE 2015:10717 kernel security update for SLE 11 SP3 i586

Novell SUSE 2015:10740 kernel security update for SLE 11 SP3 x86_64


Last Updated: 27 May 2016 11:08:38