CVE 2014-8159
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
Related bugs and status
CVE-2014-8159 (Candidate) is related to these bugs:
Bug #1413741: CVE-2014-8159
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1413741 | CVE-2014-8159 | linux (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-fsl-imx51 (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-mvl-dove (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-backport-maverick (Ubuntu) | Undecided | New | ||
1413741 | CVE-2014-8159 | linux-lts-backport-natty (Ubuntu) | Undecided | New | ||
1413741 | CVE-2014-8159 | linux-ti-omap4 (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-ec2 (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-ec2 (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-fsl-imx51 (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | New | ||
1413741 | CVE-2014-8159 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | New | ||
1413741 | CVE-2014-8159 | linux-mvl-dove (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-ti-omap4 (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-backport-maverick (Ubuntu Utopic) | Undecided | Won't Fix | ||
1413741 | CVE-2014-8159 | linux-lts-backport-natty (Ubuntu Utopic) | Undecided | Won't Fix | ||
1413741 | CVE-2014-8159 | linux (Ubuntu Trusty) | High | Fix Released | ||
1413741 | CVE-2014-8159 | linux-ec2 (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-fsl-imx51 (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | New | ||
1413741 | CVE-2014-8159 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | New | ||
1413741 | CVE-2014-8159 | linux-mvl-dove (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-ti-omap4 (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux (Ubuntu Precise) | High | Fix Released | ||
1413741 | CVE-2014-8159 | linux-ec2 (Ubuntu Precise) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-fsl-imx51 (Ubuntu Precise) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
1413741 | CVE-2014-8159 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
1413741 | CVE-2014-8159 | linux-mvl-dove (Ubuntu Precise) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-ti-omap4 (Ubuntu Precise) | High | Fix Released | ||
1413741 | CVE-2014-8159 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
1413741 | CVE-2014-8159 | linux-lts-backport-natty (Ubuntu Lucid) | Undecided | Won't Fix | ||
1413741 | CVE-2014-8159 | linux-lts-trusty (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-trusty (Ubuntu Precise) | High | Fix Released | ||
1413741 | CVE-2014-8159 | linux-lts-trusty (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-trusty (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-armadaxp (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-armadaxp (Ubuntu Precise) | High | Fix Released | ||
1413741 | CVE-2014-8159 | linux-armadaxp (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-armadaxp (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-goldfish (Ubuntu) | High | New | ||
1413741 | CVE-2014-8159 | linux-goldfish (Ubuntu Precise) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-goldfish (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-goldfish (Ubuntu Vivid) | High | Won't Fix | ||
1413741 | CVE-2014-8159 | linux-lts-saucy (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-saucy (Ubuntu Precise) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-saucy (Ubuntu Trusty) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-saucy (Ubuntu Vivid) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-quantal (Ubuntu) | High | Invalid | ||
1413741 | CVE-2014-8159 | linux-lts-quantal (Ubuntu Precise) | High | Invalid |
Bug #1430930: linux: 3.19.0-9.9 -proposed tracker
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1430930 | linux: 3.19.0-9.9 -proposed tracker | linux (Ubuntu) | Medium | Fix Released | ||
1430930 | linux: 3.19.0-9.9 -proposed tracker | linux (Ubuntu Vivid) | Medium | Fix Released | ||
1430930 | linux: 3.19.0-9.9 -proposed tracker | Kernel Development Workflow | Medium | Fix Released | ||
1430930 | linux: 3.19.0-9.9 -proposed tracker | Kernel Development Workflow automated-testing | Medium | Won't Fix | ||
1430930 | linux: 3.19.0-9.9 -proposed tracker | Kernel Development Workflow prepare-package | Medium | Fix Released | ||
1430930 | linux: 3.19.0-9.9 -proposed tracker | Kernel Development Workflow prepare-package-meta | Medium | Fix Released | ||
1430930 | linux: 3.19.0-9.9 -proposed tracker | Kernel Development Workflow prepare-package-signed | Medium | Fix Released | ||
1430930 | linux: 3.19.0-9.9 -proposed tracker | Kernel Development Workflow promote-to-release | Medium | Fix Released |
See the
CVE page on Mitre.org
for more details.