Lucene search

[email protected]CVE-2014-8159

HistoryMar 16, 2015 - 10:59 a.m.

CVE-2014-8159

2015-03-1610:59:00

CWE-264

[email protected]

web.nvd.nist.gov

infiniband

linux kernel

cve-2014-8159

memory access vulnerability

nvd

security vulnerability

6.3 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.32
redhat:enterprise_linuxredhat enterprise linuxeq6.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.32
redhat:enterprise_linux	redhat enterprise linux	eq	6.0

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html

rhn.redhat.com/errata/RHSA-2015-0674.html

rhn.redhat.com/errata/RHSA-2015-0695.html

rhn.redhat.com/errata/RHSA-2015-0726.html

rhn.redhat.com/errata/RHSA-2015-0751.html

rhn.redhat.com/errata/RHSA-2015-0782.html

rhn.redhat.com/errata/RHSA-2015-0783.html

rhn.redhat.com/errata/RHSA-2015-0803.html

rhn.redhat.com/errata/RHSA-2015-0870.html

rhn.redhat.com/errata/RHSA-2015-0919.html

www.debian.org/security/2015/dsa-3237

www.securityfocus.com/bid/73060

www.securitytracker.com/id/1032224

www.ubuntu.com/usn/USN-2525-1

www.ubuntu.com/usn/USN-2526-1

www.ubuntu.com/usn/USN-2527-1

www.ubuntu.com/usn/USN-2528-1

www.ubuntu.com/usn/USN-2529-1

www.ubuntu.com/usn/USN-2530-1

www.ubuntu.com/usn/USN-2561-1

bugzilla.redhat.com/show_bug.cgi?id=1181166

6.3 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2014-8159

nessus45 openvas45 redhat10 ubuntu7 debiancve1 prion1 veracode2 securityvulns3 cloudfoundry2 oraclelinux11 centos3 fedora13 ubuntucve1 f52 suse7 mageia3 debian4 osv3