// For flags

CVE-2014-8159

kernel: infiniband: uverbs: unprotected physical memory access

Severity Score

10.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

La implementación InfiniBand (IB) en el paquete del kernel de Linux anterior a 2.6.32-504.12.2 en Red Hat Enterprise Linux (RHEL) 6 no restringe adecuadamente el uso de User Verbs para el registro de regiones de memoria, lo que permite a usaurios locales acceder de forma arbitraria a ubicaciones de la memoria física, y consecuentemente causar una denegación de servicio (caída del sistema) u obtener privilegios, aprovechando permisos en un dispositivo uverbs bajo /dev/infiniband/.

It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-10 CVE Reserved
  • 2015-03-11 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-04-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (28)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://www.securityfocus.com/bid/73060 Third Party Advisory
http://www.securitytracker.com/id/1032224 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html 2024-06-06
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html 2024-06-06
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html 2024-06-06
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html 2024-06-06
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html 2024-06-06
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0674.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0695.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0726.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0751.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0782.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0783.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0803.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0870.html 2024-06-06
http://rhn.redhat.com/errata/RHSA-2015-0919.html 2024-06-06
http://www.debian.org/security/2015/dsa-3237 2024-06-06
http://www.ubuntu.com/usn/USN-2525-1 2024-06-06
http://www.ubuntu.com/usn/USN-2526-1 2024-06-06
http://www.ubuntu.com/usn/USN-2527-1 2024-06-06
http://www.ubuntu.com/usn/USN-2528-1 2024-06-06
http://www.ubuntu.com/usn/USN-2529-1 2024-06-06
http://www.ubuntu.com/usn/USN-2530-1 2024-06-06
http://www.ubuntu.com/usn/USN-2561-1 2024-06-06
https://bugzilla.redhat.com/show_bug.cgi?id=1181166 2015-04-30
https://access.redhat.com/security/cve/CVE-2014-8159 2015-04-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.12 < 3.2.69
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.2.69"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.3 < 3.4.108
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.108"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.5 < 3.10.75
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.75"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.11 < 3.12.41
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.41"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.13 < 3.14.39
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.39"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.15 < 3.16.35
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.17 < 3.18.13
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.13"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.19 < 3.19.5
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 3.19.5"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected