ubuntucve | Ubuntu.com | UB:CVE-2014-8159
Dec 31, 2014 - 12:00 a.m.

CVE-2014-8159


CVSS2: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0
Percentile: 10.1%

The InfiniBand (IB) implementation in the Linux kernel package before
2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly
restrict use of User Verbs for registration of memory regions, which allows
local users to access arbitrary physical memory locations, and consequently
cause a denial of service (system crash) or gain privileges, by leveraging
permissions on a uverbs device under /dev/infiniband/.

Bugs

Notes

| Author | Note |
|---|---|
| jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels; linux-lts-saucy no longer receives official support; linux-lts-quantal no longer receives official support |
| jj | was recorded as CVE-2015-8159 in git commits |

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | linux | < 2.6.32-73.141 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux | < 3.2.0-77.114 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < 3.13.0-46.79 | UNKNOWN |
| ubuntu | 14.10 | noarch | linux | < 3.16.0-31.43 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1647.66 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-46.79~precise1 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-31.43~14.04.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1462.82 | UNKNOWN |
