PT-2014-1935 · Linux+4 · Linux Kernel+4
Published: 2014-12-31 · Updated: 2024-06-06 · CVE-2014-8159
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Linux kernel package versions prior to 2.6.32-504.12.2
Red Hat Enterprise Linux kernel-tools-libs-devel (affected versions not specified)
Red Hat Enterprise Linux kernel-tools (affected versions not specified)
Red Hat Enterprise Linux kernel-devel (affected versions not specified)
Red Hat Enterprise Linux kernel-doc (affected versions not specified)
Red Hat Enterprise Linux kernel-headers (affected versions not specified)
Red Hat Enterprise Linux kernel-debug (affected versions not specified)
Red Hat Enterprise Linux kernel-abi-whitelists (affected versions not specified)
Red Hat Enterprise Linux kernel-kdump-devel (affected versions not specified)
Red Hat Enterprise Linux kernel-bootwrapper (affected versions not specified)
Red Hat Enterprise Linux kernel-kdump (affected versions not specified)
Red Hat Enterprise Linux kernel-debug-devel (affected versions not specified)
Red Hat Enterprise Linux kernel-tools-libs (affected versions not specified)
Red Hat Enterprise Linux perf (affected versions not specified)
Red Hat Enterprise Linux kernel (affected versions not specified)
Description
The issue affects the Linux kernel package in Red Hat Enterprise Linux, allowing local users to access arbitrary physical memory locations and potentially cause a denial of service or gain privileges. The vulnerability can be exploited remotely. The InfiniBand implementation does not properly restrict the use of User Verbs for registration of memory regions, allowing users to leverage permissions on a uverbs device under /dev/infiniband/.
Recommendations
For Red Hat Enterprise Linux kernel package versions prior to 2.6.32-504.12.2, update to version 2.6.32-504.12.2 or later.
For other affected packages, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
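A host triage check for the two conditions named above, the kernel version threshold and access to uverbs device nodes, written as an added example (not vendor or project tooling). The function names are hypothetical, only the 2.6.32 stream is judged because that is the only fixed version given here, and GNU `sort -V` and `find -perm` are assumed.

```shell
#!/bin/sh
# Added example: host triage for CVE-2014-8159 (not vendor tooling).
FIXED="2.6.32-504.12.2"   # fixed RHEL kernel version stated in the advisory

# Reduce a release string such as 2.6.32-504.8.1.el6.x86_64 to 2.6.32-504.8.1
kernel_nvr() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*-[0-9]+(\.[0-9]+)*).*/\1/'
}

# Print "vulnerable", "fixed" or "unknown" for a kernel release string.
# Assumption: only 2.6.32-* builds are compared; anything else is "unknown".
classify_kernel() {
    nvr=$(kernel_nvr "$1")
    case "$nvr" in
        2.6.32-*) ;;
        *) echo unknown; return 0 ;;
    esac
    lowest=$(printf '%s\n%s\n' "$nvr" "$FIXED" | sort -V | head -n 1)
    if [ "$nvr" != "$FIXED" ] && [ "$lowest" = "$nvr" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# List uverbs nodes that any local account can open read-write.
# $1 = device directory (defaults to /dev/infiniband).
world_accessible_uverbs() {
    dir=${1:-/dev/infiniband}
    [ -d "$dir" ] || return 0
    find "$dir" -name 'uverbs*' -perm -006 2>/dev/null
}

# Report for the running host.
echo "kernel $(uname -r): $(classify_kernel "$(uname -r)")"
world_accessible_uverbs | while read -r node; do
    echo "world read-write uverbs node: $node"
done
```

A host that reports both a vulnerable kernel and a world read-write uverbs node is the priority for the update; group-restricted nodes still need a review of group membership.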
DoS
Affected Products
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu