[Beowulf] Heads up - CVE-2014-8159 - Infiniband security bug

John Hearns hearnsj at googlemail.com
Mon Mar 16 02:21:14 PDT 2015


Mellanox had a release of their OFED on Friday which included the relevant
patch.
2.4-1.0.4
http://www.mellanox.com/page/products_dyn?product_family=26&mtag=linux_sw_drivers

On 14 March 2015 at 00:27, Chris Samuel <samuel at unimelb.edu.au> wrote:

> Happiness and joy - this bug appears to be in all distros and OFEDs.
>
> https://access.redhat.com/security/cve/CVE-2014-8159
>
> # It was found that the Linux kernel's Infiniband subsystem
> # did not properly sanitize input parameters while registering
> # memory regions from user space via the (u)verbs API. A local
> # user with access to a /dev/infiniband/uverbsX device could use
> # this flaw to crash the system or, potentially, escalate their
> # privileges on the system.
> #
> # Find out more about CVE-2014-8159 from the MITRE CVE dictionary
> # and NIST NVD.
> #
> # Statement
> #
> # This issue does affect the Linux kernel packages as shipped
> # with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat
> # Enterprise MRG 2. Future Linux kernel updates for the
> # respective releases will address this issue.
>
> Of course if you use a 3rd party OFED stack you'll need to look to them for
> any fixes (if available).
>
> --
>  Christopher Samuel        Senior Systems Administrator
>  VLSCI - Victorian Life Sciences Computation Initiative
>  Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
>  http://www.vlsci.org.au/      http://twitter.com/vlsci
>
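The advisory quoted above names access to a /dev/infiniband/uverbsX device as the precondition. The script below is an added example, not part of either poster's message: it reports which local accounts can open each uverbs node on a host still waiting for a patched kernel or OFED. The function name `audit_uverbs` is hypothetical, GNU `stat` is assumed, and only the mode bits are inspected (not ACLs).

```shell
#!/bin/sh
# Added example (not from the original thread): report who can open the
# uverbs device nodes named in the CVE-2014-8159 advisory.
# Assumes GNU stat (coreutils). Only mode bits are checked, not ACLs.

# audit_uverbs [DIR]   (hypothetical helper name)
#   Prints "<node> <octal mode> <owner>:<group> <exposure>" per uverbs* node.
#   exposure is "world" (any local user), "group" (group members) or "owner".
#   Returns 1 if at least one node is world-accessible, otherwise 0.
audit_uverbs() (
    dir=${1:-/dev/infiniband}
    world=0
    for node in "$dir"/uverbs*; do
        [ -e "$node" ] || continue            # glob matched nothing
        mode=$(stat -c '%a' "$node")          # e.g. 666
        ids=$(stat -c '%U:%G' "$node")        # e.g. root:root
        if [ $(( 0$mode & 0006 )) -ne 0 ]; then
            exposure=world                    # "other" has read or write
            world=1
        elif [ $(( 0$mode & 0060 )) -ne 0 ]; then
            exposure=group                    # only group members
        else
            exposure=owner                    # owner only
        fi
        printf '%s %s %s %s\n' "$node" "$mode" "$ids" "$exposure"
    done
    [ "$world" -eq 0 ]
)

# Run against the live system only when the device directory exists.
if [ -d /dev/infiniband ]; then audit_uverbs /dev/infiniband || true; fi
```

A non-zero return from `audit_uverbs` means at least one node can be opened by every local user, which is useful input when deciding how urgently a host needs the vendor fix.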