(RHSA-2015:0870) Important: kernel security update

2015-04-22T04:00:00
ID RHSA-2015:0870
Type redhat
Reporter RedHat
Modified 2017-09-08T12:08:14

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

  • It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important)

Red Hat would like to thank Mellanox for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.