
CVE-2014-8159
Date: (C)2015-03-18   (M)2024-04-17


The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1032224
BID-73060
DSA-3237
FEDORA-2015-4066
RHSA-2015:0674
RHSA-2015:0695
RHSA-2015:0726
RHSA-2015:0751
RHSA-2015:0782
RHSA-2015:0783
RHSA-2015:0803
RHSA-2015:0870
RHSA-2015:0919
SUSE-SU-2015:1478
SUSE-SU-2015:1487
SUSE-SU-2015:1488
SUSE-SU-2015:1489
SUSE-SU-2015:1491
USN-2525-1
USN-2526-1
USN-2527-1
USN-2528-1
USN-2529-1
USN-2530-1
USN-2561-1
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://bugzilla.redhat.com/show_bug.cgi?id=1181166

CWE    1
CWE-264
OVAL    37
oval:org.secpod.oval:def:1500928
oval:org.secpod.oval:def:203571
oval:org.secpod.oval:def:501536
oval:org.secpod.oval:def:1500956
...

© SecPod Technologies