CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 10.1%
CVE-2014-8159 – Linux Kernel Infiniband Vulnerability
High
Canonical Ubuntu
It was found that the Linux kernel’s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from userspace via the (u)verbs API. As a result, unrestricted physical memory access could be achieved. A local user with access to /dev/infiniband/uverbsX could use this flaw to crash the system or, potentially, escalate their privileges on the system.
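Because the flaw is reachable only by users who can open /dev/infiniband/uverbsX, the check below lists those nodes and flags any that every local user can open. It is an added example, not part of the advisory or any vendor tooling; it assumes GNU `stat`, and the function name `audit_uverbs` and its output labels are made up for illustration.

```sh
#!/bin/sh
# Added example: list the uverbs device nodes and flag any that every
# local user can open. Assumes GNU stat (-c). audit_uverbs is a made-up name.
# Returns 0 when no node is open to "other", 1 when at least one is.
audit_uverbs() {
    dir="${1:-/dev/infiniband}"   # directory argument lets the check run on a test tree
    rc=0
    found=0
    for node in "$dir"/uverbs*; do
        [ -e "$node" ] || continue            # unmatched glob stays literal
        found=1
        mode=$(stat -c '%a' "$node")          # octal permissions, e.g. 660
        owner=$(stat -c '%U:%G' "$node")
        other=${mode#"${mode%?}"}             # last octal digit = "other" bits
        if [ $((other & 6)) -ne 0 ]; then     # read and/or write for everyone
            echo "WORLD-ACCESSIBLE $node mode=$mode owner=$owner"
            rc=1
        else
            echo "restricted       $node mode=$mode owner=$owner"
        fi
    done
    [ "$found" -eq 1 ] || echo "no uverbs nodes under $dir"
    return "$rc"
}
```

Call `audit_uverbs` with no argument on the host being reviewed. A "restricted" result still leaves the node's owner and group members able to reach the API, so group membership needs reviewing as well.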
The Cloud Foundry team is aware of vulnerable versions of the Linux kernel but has determined that the project is not affected by this vulnerability.
_Severity is high unless otherwise noted._
Users of affected versions should apply the following mitigation:
Mellanox