exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

CVE-2014-8159

Status Candidate

Overview

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

Related Files

Red Hat Security Advisory 2015-0919-01
Posted May 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0919-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159
SHA-256 | e543bbe7dc1fe5d20b208997d464ebdaa39d87fae511896d22262d347cf97f5c
Debian Security Advisory 3237-1
Posted Apr 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3237-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-8159, CVE-2014-9715, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3332, CVE-2015-3339
SHA-256 | aa8f1362fe2b1e520df3774e9b5a3562a1ce08175dfc089a7a41b13a71abdb2e
Red Hat Security Advisory 2015-0870-01
Posted Apr 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0870-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159
SHA-256 | 9f2d0329dd85d46f5eed463422fa259961159397119b8a8180ae691e2b71e409
Red Hat Security Advisory 2015-0803-01
Posted Apr 14, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0803-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file could possibly use this flaw to escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159
SHA-256 | 2597df80a3aee352865bb8ca568338d9f7a11fa2f588d762a3f3d44f5341a025
Ubuntu Security Notice USN-2561-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2561-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159, CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
SHA-256 | 8aef8dc5ce0c1d2950a6515a77b071d9261bb137d80010ab9989173c9845de2d
Red Hat Security Advisory 2015-0783-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2014-8867
SHA-256 | 1a62eb3c62b3f58d404ecacc94006c7b1a6ccb8bd2830547a948bccc4c9d83d7
Red Hat Security Advisory 2015-0782-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0782-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-3690, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159, CVE-2014-8884, CVE-2015-1421
SHA-256 | 497a3d5df6407e2e427e7c1470a45a7c8129599f5ebc30b4932e3935b243a11f
Red Hat Security Advisory 2015-0751-01
Posted Mar 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0751-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
SHA-256 | 19a826a26c6826bd517c5465ac89d5561c0d7a89c70e2559d0ef44349ac51452
Red Hat Security Advisory 2015-0726-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0726-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
SHA-256 | 556554dce153edd407f9ed35ad9b2549c021b7f9b903d6312f589dbd7a1fc644
Red Hat Security Advisory 2015-0727-01
Posted Mar 26, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0727-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2015-1421
SHA-256 | 93ffce7a0d7ad072f776414c7cc064b9e424786af1d4ad30ac44a27570ab282a
Red Hat Security Advisory 2015-0695-01
Posted Mar 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-5471, CVE-2014-5472, CVE-2014-7841, CVE-2014-8159
SHA-256 | 25724757ff5aee8a16c253eb7a578ac07bfa56bdb2e5d75fa8c0d5db6a98c13b
Ubuntu Security Notice USN-2528-1
Posted Mar 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2528-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159
SHA-256 | 7ddfaa725ece72696c79acc3095ff720bf19edd2e2af4568ff9b8664b718b6aa
Ubuntu Security Notice USN-2530-1
Posted Mar 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2530-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159
SHA-256 | aab81aa85e1adf1e046155328da4d0e9c15f3c6e27600f0092521baf57c41344
Ubuntu Security Notice USN-2526-1
Posted Mar 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2526-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159
SHA-256 | 35b58420b7ba0f5e5f8afabb2b2bdfca8a29624ccf85daecfc5c5b54f83743b0
Ubuntu Security Notice USN-2527-1
Posted Mar 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2527-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159
SHA-256 | 76c540ba30fc3b3dca8addf18cb8e94bec4970d56873cbf49f11886d18ac733a
Ubuntu Security Notice USN-2525-1
Posted Mar 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2525-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159
SHA-256 | 7f40cf96c29d8e9b394b17b2ce4e9eb43cfc412a481ab314a73e38e96b8daf9d
Ubuntu Security Notice USN-2529-1
Posted Mar 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2529-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159
SHA-256 | 64451f481cc710fd56c38032ef118c4dd829694216602e7bd69c0ab14e67582f
Red Hat Security Advisory 2015-0674-01
Posted Mar 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0674-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7822, CVE-2014-8159, CVE-2014-8160, CVE-2014-8369
SHA-256 | 252d3a3f04735fff4c9e91df76c07d6a4f2fff78ef8e210b02cb32326371d925
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close