CVE-2014-8159

Advisory lineage Upstream: 0 Downstream: 25
Modified
Published: 16 Mar 2015, 10:00
Last modified:06 Aug 2024, 13:10

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
6.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.14% LOW
0% probability +0.07%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

16 Mar 2015, 10:00
Published
Vulnerability first disclosed
06 Aug 2024, 13:10
Last Modified
Vulnerability information updated

Description

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

CVSS Metrics

  • v2.0MEDIUMScore: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.14% Percentile: 34%

Techniques & Countermeasures

  • CWE-264Permissions, Privileges, and Access Controls

    Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

  • canonicalubuntu_linux

    10.04 | 12.04 | 14.04 | 14.10

  • debiandebian_linux

    7.0 | 8.0

  • linuxlinux_kernel

    ≥ 2.6.12, < 3.2.69 | ≥ 3.3, < 3.4.108 | ≥ 3.5, < 3.10.75 | ≥ 3.11, < 3.12.41 | ≥ 3.13, < 3.14.39 | ≥ 3.15, < 3.16.35 | ≥ 3.17, < 3.18.13 | ≥ 3.19, < 3.19.5

References (27)