CVE-2014-8159

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
References
Link Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0674.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0695.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0726.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0751.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0782.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0783.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0803.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0870.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0919.html Third Party Advisory
http://www.debian.org/security/2015/dsa-3237 Third Party Advisory
http://www.securityfocus.com/bid/73060 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032224 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2525-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2526-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2527-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2528-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2529-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2530-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2561-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1181166 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

06 Jun 2024, 19:46

Type Values Removed Values Added
References () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html - () http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html - () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html - () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html - () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html - () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html - () http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html - Mailing List, Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0674.html - () http://rhn.redhat.com/errata/RHSA-2015-0674.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0695.html - () http://rhn.redhat.com/errata/RHSA-2015-0695.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0726.html - () http://rhn.redhat.com/errata/RHSA-2015-0726.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0751.html - () http://rhn.redhat.com/errata/RHSA-2015-0751.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0782.html - () http://rhn.redhat.com/errata/RHSA-2015-0782.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0783.html - () http://rhn.redhat.com/errata/RHSA-2015-0783.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0803.html - () http://rhn.redhat.com/errata/RHSA-2015-0803.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0870.html - () http://rhn.redhat.com/errata/RHSA-2015-0870.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-0919.html - () http://rhn.redhat.com/errata/RHSA-2015-0919.html - Third Party Advisory
References () http://www.debian.org/security/2015/dsa-3237 - () http://www.debian.org/security/2015/dsa-3237 - Third Party Advisory
References () http://www.securityfocus.com/bid/73060 - () http://www.securityfocus.com/bid/73060 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1032224 - () http://www.securitytracker.com/id/1032224 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-2525-1 - () http://www.ubuntu.com/usn/USN-2525-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2526-1 - () http://www.ubuntu.com/usn/USN-2526-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2527-1 - () http://www.ubuntu.com/usn/USN-2527-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2528-1 - () http://www.ubuntu.com/usn/USN-2528-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2529-1 - () http://www.ubuntu.com/usn/USN-2529-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2530-1 - () http://www.ubuntu.com/usn/USN-2530-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2561-1 - () http://www.ubuntu.com/usn/USN-2561-1 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1181166 - () https://bugzilla.redhat.com/show_bug.cgi?id=1181166 - Issue Tracking, Third Party Advisory
First Time Debian
Canonical ubuntu Linux
Canonical
Debian debian Linux
CPE cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

13 Feb 2023, 00:43

Type Values Removed Values Added
Summary It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0726', 'name': 'https://access.redhat.com/errata/RHSA-2015:0726', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0782', 'name': 'https://access.redhat.com/errata/RHSA-2015:0782', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0783', 'name': 'https://access.redhat.com/errata/RHSA-2015:0783', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0751', 'name': 'https://access.redhat.com/errata/RHSA-2015:0751', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0919', 'name': 'https://access.redhat.com/errata/RHSA-2015:0919', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2014-8159', 'name': 'https://access.redhat.com/security/cve/CVE-2014-8159', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0695', 'name': 'https://access.redhat.com/errata/RHSA-2015:0695', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0870', 'name': 'https://access.redhat.com/errata/RHSA-2015:0870', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0674', 'name': 'https://access.redhat.com/errata/RHSA-2015:0674', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0727', 'name': 'https://access.redhat.com/errata/RHSA-2015:0727', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0803', 'name': 'https://access.redhat.com/errata/RHSA-2015:0803', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 20:19

Type Values Removed Values Added
Summary The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
References
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0726 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0782 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0783 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0751 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0919 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-8159 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0695 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0870 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0674 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0727 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0803 -

Information

Published : 2015-03-16 10:59

Updated : 2024-06-06 19:46


NVD link : CVE-2014-8159

Mitre link : CVE-2014-8159

CVE.ORG link : CVE-2014-8159


JSON object : View

Products Affected

linux

  • linux_kernel

canonical

  • ubuntu_linux

debian

  • debian_linux
CWE
CWE-264

Permissions, Privileges, and Access Controls