[Beowulf] Heads up - CVE-2014-8159 - Infiniband security bug
samuel at unimelb.edu.au
Fri Mar 13 17:27:51 PDT 2015
Happiness and joy - this bug appears to be in all distros and OFEDs.
# It was found that the Linux kernel's Infiniband subsystem
# did not properly sanitize input parameters while registering
# memory regions from user space via the (u)verbs API. A local
# user with access to a /dev/infiniband/uverbsX device could use
# this flaw to crash the system or, potentially, escalate their
# privileges on the system.
# Find out more about CVE-2014-8159 from the MITRE CVE dictionary
# and NIST NVD.
# This issue does affect the Linux kernel packages as shipped
# with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat
# Enterprise MRG 2. Future Linux kernel updates for the
# respective releases will address this issue.
Of course if you use a 3rd party OFED stack you'll need to look to them for
any fixes (if available).
Christopher Samuel Senior Systems Administrator
VLSCI - Victorian Life Sciences Computation Initiative
Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
More information about the Beowulf