[Beowulf] Heads up - CVE-2014-8159 - Infiniband security bug

Chris Samuel samuel at unimelb.edu.au
Fri Mar 13 17:27:51 PDT 2015


Happiness and joy - this bug appears to be in all distros and OFEDs.

https://access.redhat.com/security/cve/CVE-2014-8159

# It was found that the Linux kernel's Infiniband subsystem
# did not properly sanitize input parameters while registering
# memory regions from user space via the (u)verbs API. A local
# user with access to a /dev/infiniband/uverbsX device could use
# this flaw to crash the system or, potentially, escalate their
# privileges on the system.
#
# Find out more about CVE-2014-8159 from the MITRE CVE dictionary
# and NIST NVD.
#
# Statement
#
# This issue does affect the Linux kernel packages as shipped
# with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat
# Enterprise MRG 2. Future Linux kernel updates for the
# respective releases will address this issue.

Of course if you use a 3rd party OFED stack you'll need to look to them for 
any fixes (if available).

-- 
 Christopher Samuel        Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
 http://www.vlsci.org.au/      http://twitter.com/vlsci
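
An added example, not part of the original post or the Red Hat advisory: a shell function that lists the uverbs device nodes and marks those writable by any local user, which is the access precondition the advisory names. The function name audit_uverbs, its output format and its return codes are choices made for this example; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: report which /dev/infiniband/uverbsX nodes every local
# user can open for writing.

# audit_uverbs [DIR]
#   DIR defaults to /dev/infiniband (the path named in the advisory).
#   Prints one line per node: "<OPEN|RESTRICTED> <mode> <owner>:<group> <path>"
#   Returns 0 if no node is writable by "other",
#           1 if at least one node is,
#           2 if no uverbs node exists in DIR.
audit_uverbs() {
    dir=${1:-/dev/infiniband}
    found=0
    exposed=0
    for node in "$dir"/uverbs*; do
        # An unmatched glob stays literal; skip it.
        [ -e "$node" ] || continue
        found=1
        mode=$(stat -c '%a' "$node")
        owner=$(stat -c '%U:%G' "$node")
        # Last octal digit holds the permission bits for "other".
        other=${mode#"${mode%?}"}
        case $other in
            2|3|6|7) state=OPEN; exposed=1 ;;   # write bit set for other
            *)       state=RESTRICTED ;;
        esac
        printf '%s %s %s %s\n' "$state" "$mode" "$owner" "$node"
    done
    [ "$found" -eq 1 ] || return 2
    [ "$exposed" -eq 0 ] || return 1
    return 0
}

# Usage on a cluster node:
#   audit_uverbs /dev/infiniband
```

Access granted through group membership or POSIX ACLs is not evaluated here, so a RESTRICTED line still needs a look at who is in the owning group.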


