QwikSec

Security Database

CVE

CWE

Training

CVE-2014-8159

Published: Mar 16, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

SUSE-SU-2015:1491

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

SUSE-SU-2015:1489

vendor-advisory

x_refsource_SUSE

SUSE-SU-2015:1488

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

SUSE-SU-2015:1478

vendor-advisory

x_refsource_SUSE

FEDORA-2015-4066

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1181166

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

SUSE-SU-2015:1487

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.