[Beowulf] Heads up - CVE-2014-8159 - Infiniband security bug
Chris Samuel
samuel at unimelb.edu.au
Fri Mar 13 17:27:51 PDT 2015
Happiness and joy - this bug appears to be in all distros and OFEDs.
https://access.redhat.com/security/cve/CVE-2014-8159
# It was found that the Linux kernel's Infiniband subsystem
# did not properly sanitize input parameters while registering
# memory regions from user space via the (u)verbs API. A local
# user with access to a /dev/infiniband/uverbsX device could use
# this flaw to crash the system or, potentially, escalate their
# privileges on the system.
#
# Find out more about CVE-2014-8159 from the MITRE CVE dictionary
# and NIST NVD.
#
# Statement
#
# This issue does affect the Linux kernel packages as shipped
# with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat
# Enterprise MRG 2. Future Linux kernel updates for the
# respective releases will address this issue.
Of course if you use a 3rd party OFED stack you'll need to look to them for
any fixes (if available).
--
Christopher Samuel Senior Systems Administrator
VLSCI - Victorian Life Sciences Computation Initiative
Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
http://www.vlsci.org.au/ http://twitter.com/vlsci
More information about the Beowulf
mailing list