It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Find out more about CVE-2014-8159 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did affect the Linux kernel packages as shipped with Red Hat
Enterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. This issue
has been addressed in the respective releases.
| Base Score | 6.2 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Advanced Update Support 6.2 (kernel) | RHSA-2015:0695 | 2015-03-17 |
| Red Hat Enterprise Linux EUS (v. 5.9 server) (kernel) | RHSA-2015:0870 | 2015-04-22 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2015:0674 | 2015-03-11 |
| Red Hat Enterprise Linux 5 (kernel) | RHSA-2015:0783 | 2015-04-07 |
| Red Hat Enterprise Linux Advanced Update Support 6.4 (kernel) | RHSA-2015:0803 | 2015-04-14 |
| Red Hat Enterprise Linux Long Life (v. 5.6 server) (kernel) | RHSA-2015:0919 | 2015-04-30 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2015:0751 | 2015-03-30 |
| Red Hat Enterprise Linux Extended Update Support 6.5 (kernel) | RHSA-2015:0782 | 2015-04-07 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2015:0726 | 2015-03-26 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2015:0727 | 2015-03-26 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | kernel | Affected |
| Red Hat Enterprise Linux 4 | kernel | Will not fix |
Vulmon