CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
10.1%
The InfiniBand (IB) implementation in the Linux kernel package before
2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly
restrict use of User Verbs for registration of memory regions, which allows
local users to access arbitrary physical memory locations, and consequently
cause a denial of service (system crash) or gain privileges, by leveraging
permissions on a uverbs device under /dev/infiniband/.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
jj | was recorded as CVE-2015-8159 in git commits |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-73.141 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-77.114 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-46.79 | UNKNOWN |
ubuntu | 14.10 | noarch | linux | < 3.16.0-31.43 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1647.66 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-46.79~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-31.43~14.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1462.82 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2014-8159
nvd.nist.gov/vuln/detail/CVE-2014-8159
security-tracker.debian.org/tracker/CVE-2014-8159
ubuntu.com/security/notices/USN-2525-1
ubuntu.com/security/notices/USN-2526-1
ubuntu.com/security/notices/USN-2527-1
ubuntu.com/security/notices/USN-2528-1
ubuntu.com/security/notices/USN-2529-1
ubuntu.com/security/notices/USN-2530-1
ubuntu.com/security/notices/USN-2561-1
www.cve.org/CVERecord?id=CVE-2014-8159