Описание
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Отчет
This issue did affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. This issue has been addressed in the respective releases.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kernel | Will not fix | ||
| Red Hat Enterprise Linux Extended Update Support 5.6 | kernel | Affected | ||
| Red Hat Enterprise Linux 5 | kernel | Fixed | RHSA-2015:0783 | 07.04.2015 |
| Red Hat Enterprise Linux 5.6 Long Life | kernel | Fixed | RHSA-2015:0919 | 30.04.2015 |
| Red Hat Enterprise Linux 5.9 Extended Update Support | kernel | Fixed | RHSA-2015:0870 | 22.04.2015 |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2015:0674 | 11.03.2015 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2015:0695 | 17.03.2015 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | kernel | Fixed | RHSA-2015:0803 | 14.04.2015 |
| Red Hat Enterprise Linux 6.5 Extended Update Support | kernel | Fixed | RHSA-2015:0782 | 07.04.2015 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2015:0727 | 26.03.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.2 Medium
CVSS2
Связанные уязвимости
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
The InfiniBand (IB) implementation in the Linux kernel package before ...
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
ELSA-2015-0783: kernel security and bug fix update (IMPORTANT)
EPSS
6.2 Medium
CVSS2