CVE-2014-8159

MEDIUM

Description

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html

http://rhn.redhat.com/errata/RHSA-2015-0674.html

http://rhn.redhat.com/errata/RHSA-2015-0695.html

http://rhn.redhat.com/errata/RHSA-2015-0726.html

http://rhn.redhat.com/errata/RHSA-2015-0751.html

http://rhn.redhat.com/errata/RHSA-2015-0782.html

http://rhn.redhat.com/errata/RHSA-2015-0783.html

http://rhn.redhat.com/errata/RHSA-2015-0803.html

http://rhn.redhat.com/errata/RHSA-2015-0870.html

http://rhn.redhat.com/errata/RHSA-2015-0919.html

http://www.debian.org/security/2015/dsa-3237

http://www.securityfocus.com/bid/73060

http://www.securitytracker.com/id/1032224

http://www.ubuntu.com/usn/USN-2525-1

http://www.ubuntu.com/usn/USN-2526-1

http://www.ubuntu.com/usn/USN-2527-1

http://www.ubuntu.com/usn/USN-2528-1

http://www.ubuntu.com/usn/USN-2529-1

http://www.ubuntu.com/usn/USN-2530-1

http://www.ubuntu.com/usn/USN-2561-1

https://bugzilla.redhat.com/show_bug.cgi?id=1181166

Details

Source: MITRE

Published: 2015-03-16

Updated: 2019-04-22

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins


ID | Name | Product | Family | Severity
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical
90019 | OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) | Nessus | OracleVM Local Security Checks | critical
85764 | SUSE SLES11 Security Update : kernel (SUSE-SU-2015:1478-1) | Nessus | SuSE Local Security Checks | medium
85188 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0109) | Nessus | OracleVM Local Security Checks | critical
85177 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064) | Nessus | Oracle Linux Local Security Checks | medium
85097 | Oracle Linux 6 : kernel (ELSA-2015-1272) | Nessus | Oracle Linux Local Security Checks | high
84545 | SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1174-1) | Nessus | SuSE Local Security Checks | medium
84252 | Debian DLA-246-2 : linux-2.6 regression update | Nessus | Debian Local Security Checks | high
84227 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:1071-1) | Nessus | SuSE Local Security Checks | medium
83485 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0060) | Nessus | OracleVM Local Security Checks | medium
83449 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036) | Nessus | Oracle Linux Local Security Checks | critical
83448 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035) | Nessus | Oracle Linux Local Security Checks | medium
83172 | RHEL 5 : kernel (RHSA-2015:0919) | Nessus | Red Hat Local Security Checks | medium
83065 | Debian DSA-3237-1 : linux - security update | Nessus | Debian Local Security Checks | high
83028 | RHEL 5 : kernel (RHSA-2015:0870) | Nessus | Red Hat Local Security Checks | medium
82790 | RHEL 6 : kernel (RHSA-2015:0803) | Nessus | Red Hat Local Security Checks | medium
82691 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0040) | Nessus | OracleVM Local Security Checks | high
82688 | Oracle Linux 5 : kernel (ELSA-2015-0783) | Nessus | Oracle Linux Local Security Checks | medium
82638 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20150407) | Nessus | Scientific Linux Local Security Checks | medium
82637 | RHEL 5 : kernel (RHSA-2015:0783) | Nessus | Red Hat Local Security Checks | medium
82636 | RHEL 6 : kernel (RHSA-2015:0782) | Nessus | Red Hat Local Security Checks | medium
82630 | Fedora 20 : kernel-3.19.3-100.fc20 (2015-5024) | Nessus | Fedora Local Security Checks | medium
82621 | CentOS 5 : kernel (CESA-2015:0783) | Nessus | CentOS Local Security Checks | medium
82518 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019) | Nessus | Oracle Linux Local Security Checks | critical
82493 | RHEL 7 : kernel-rt (RHSA-2015:0727) | Nessus | Red Hat Local Security Checks | critical
82490 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3020) | Nessus | Oracle Linux Local Security Checks | critical
82474 | CentOS 7 : kernel (CESA-2015:0726) | Nessus | CentOS Local Security Checks | critical
82467 | RHEL 6 : MRG (RHSA-2015:0751) | Nessus | Red Hat Local Security Checks | critical
82290 | RHEL 7 : kernel (RHSA-2015:0726) | Nessus | Red Hat Local Security Checks | critical
82287 | Oracle Linux 7 : kernel (ELSA-2015-0726) | Nessus | Oracle Linux Local Security Checks | critical
82056 | Fedora 22 : kernel-4.0.0-0.rc4.git0.1.fc22 (2015-4066) | Nessus | Fedora Local Security Checks | medium
81991 | Fedora 21 : kernel-3.19.1-201.fc21 (2015-4059) | Nessus | Fedora Local Security Checks | medium
81906 | RHEL 6 : kernel (RHSA-2015:0695) | Nessus | Red Hat Local Security Checks | medium
81809 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150311) | Nessus | Scientific Linux Local Security Checks | high
81792 | CentOS 6 : kernel (CESA-2015:0674) | Nessus | CentOS Local Security Checks | high
81776 | Ubuntu 14.10 : linux vulnerability (USN-2530-1) | Nessus | Ubuntu Local Security Checks | medium
81775 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerability (USN-2529-1) | Nessus | Ubuntu Local Security Checks | medium
81774 | Ubuntu 14.04 LTS : linux vulnerability (USN-2528-1) | Nessus | Ubuntu Local Security Checks | medium
81773 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2527-1) | Nessus | Ubuntu Local Security Checks | medium
81772 | Ubuntu 12.04 LTS : linux vulnerability (USN-2526-1) | Nessus | Ubuntu Local Security Checks | medium
81771 | Ubuntu 10.04 LTS : linux vulnerability (USN-2525-1) | Nessus | Ubuntu Local Security Checks | medium
81769 | RHEL 6 : kernel (RHSA-2015:0674) | Nessus | Red Hat Local Security Checks | high
81766 | Oracle Linux 6 : kernel (ELSA-2015-0674) | Nessus | Oracle Linux Local Security Checks | high