CVE-2014-8159 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2014-8159

CVE-2014-8159

Published:March 16, 2015

Updated:May 17, 2026

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

Related Resources (30)

https://access.redhat.com/security/cve/CVE-2014-8159

http://www.ubuntu.com/usn/USN-2561-1

http://rhn.redhat.com/errata/RHSA-2015-0695.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html

http://www.securitytracker.com/id/1032224

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html

https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8159

http://www.ubuntu.com/usn/USN-2528-1

http://rhn.redhat.com/errata/RHSA-2015-0919.html

http://rhn.redhat.com/errata/RHSA-2015-0870.html