[Beowulf] Heads up - CVE-2014-8159 - Infiniband security bug
hearnsj at googlemail.com
Mon Mar 16 02:21:14 PDT 2015
Mellanox had a release of their OFED on Friday which included the relevant
On 14 March 2015 at 00:27, Chris Samuel <samuel at unimelb.edu.au> wrote:
> Happiness and joy - this bug appears to be in all distros and OFEDs.
> # It was found that the Linux kernel's Infiniband subsystem
> # did not properly sanitize input parameters while registering
> # memory regions from user space via the (u)verbs API. A local
> # user with access to a /dev/infiniband/uverbsX device could use
> # this flaw to crash the system or, potentially, escalate their
> # privileges on the system.
> # Find out more about CVE-2014-8159 from the MITRE CVE dictionary
> # and NIST NVD.
> # Statement
> # This issue does affect the Linux kernel packages as shipped
> # with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat
> # Enterprise MRG 2. Future Linux kernel updates for the
> # respective releases will address this issue.
> Of course if you use a 3rd party OFED stack you'll need to look to them for
> any fixes (if available).
> Christopher Samuel Senior Systems Administrator
> VLSCI - Victorian Life Sciences Computation Initiative
> Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
> http://www.vlsci.org.au/ http://twitter.com/vlsci
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Beowulf