Bugzilla – Bug 914742
VUL-0: CVE-2014-8159: kernel: Mellanox security issue
Last modified: 2015-09-04 09:53:18 UTC
is public now. https://rhn.redhat.com/errata/RHSA-2015-0674.html It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important) Please apply.
I have a customer asking about this since they saw the Redhat announcement noted in comment #9. Any estimate on when we will be releasing the patch for this? My customer has LTSS for SLES 11 SP1 & SP2 so they are interested in both of those as well as SLES 11 SP3 and SLES 12. I find it interesting that Redhat released this even though their notice seems to indicate that they don't have a fix available for it yet. From the Redhat CVE notice for this vulnerability: "Future Linux kernel updates for the respective releases will address this issue."
Oops... I was looking at the Redhat link that my customer provided, which is this one that says that the fix will be in some future update: https://access.redhat.com/security/cve/CVE-2014-8159 The link from comment #9 says that they do have the fix available already.
This is currently at an unfortunate timing state, where we have just released or have LTSS updates in the queue. Temporary fixes could be delivered as PTF.
via oss-sec From: Shachar Raindel <raindel@mellanox.com> Subject: [oss-security] CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Hi, It was found that the Linux kernel's InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. The issue has been assigned CVE-2014-8159. The issue exists in the InfiniBand/RDMA/iWARP drivers since Linux Kernel version 2.6.13. Mellanox OFED 2.4-1.0.4 fixes the issue. Available from: http://www.mellanox.com/page/products_dyn?product_family=26&mtag=linux_sw_drivers RedHat errata: https://access.redhat.com/security/cve/CVE-2014-8159 Canonical errata: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8159.html Novell (Suse) bug tracking: https://bugzilla.novell.com/show_bug.cgi?id=914742
there has been some ongoing discussion on the correct fix on the kernel list.
Fix is upstream now: 8494057ab5e4 ("IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic") I'm starting backporting.
3eb1ca7482d6..3ba993b6129e SLE12 -> SLE12 6b8568fa2361..6545a2d2b0c2 HEAD -> cve/linux-3.0 3fc85875fb32..cafa2935b90c HEAD -> cve/linux-2.6.32 2.6.16 needs more work. Adding mhocko and ptesarik for TD/LTSS.
a9b0cd6b75b3..25d53f457cfb HEAD -> cve/linux-2.6.16 All cve* kernels have it now, bouncing back to security@
Merged to all TD brances. Thanks!
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-05-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61701
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-05-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61770
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-06-12. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61844
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-06-15. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61904
SUSE-SU-2015:1071-1: An update that solves 13 vulnerabilities and has 31 fixes is now available. Category: security (important) Bug References: 899192,900881,909312,913232,914742,915540,916225,917125,919007,919018,920262,921769,922583,922734,922944,924664,924803,924809,925567,926156,926240,926314,927084,927115,927116,927257,927285,927308,927455,928122,928130,928135,928141,928708,929092,929145,929525,929883,930224,930226,930669,930786,931014,931130 CVE References: CVE-2014-3647,CVE-2014-8086,CVE-2014-8159,CVE-2015-1465,CVE-2015-2041,CVE-2015-2042,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3332,CVE-2015-3339,CVE-2015-3636 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.43-52.6.2, kernel-obs-build-3.12.43-52.6.2 SUSE Linux Enterprise Server 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_5-1-2.3 SUSE Linux Enterprise Desktop 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
SUSE-SU-2015:1174-1: An update that solves 15 vulnerabilities and has 71 fixes is now available. Category: security (moderate) Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850 CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1 SUSE Linux Enterprise Server 11 SP3 (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-ec2-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.28.1.21, gfs2-2-0.17.1.21, ocfs2-1.6-0.21.1.21 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1 SLE 11 SERVER Unsupported Extras (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1
SUSE-SU-2015:1376-1: An update that solves 15 vulnerabilities and has 71 fixes is now available. Category: security (important) Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850 CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636 Sources used: SUSE Linux Enterprise Real Time Extension 11 SP3 (src): cluster-network-1.4-2.28.1.22, drbd-kmp-8.4.4-0.23.1.22, iscsitarget-1.4.20-0.39.1.22, kernel-rt-3.0.101.rt130-0.33.38.1, kernel-rt_trace-3.0.101.rt130-0.33.38.1, kernel-source-rt-3.0.101.rt130-0.33.38.1, kernel-syms-rt-3.0.101.rt130-0.33.38.1, lttng-modules-2.1.1-0.12.1.20, ocfs2-1.6-0.21.1.22, ofed-1.5.4.1-0.14.1.22
SUSE-SU-2015:1478-1: An update that solves 18 vulnerabilities and has 25 fixes is now available. Category: security (important) Bug References: 798406,821931,860593,879878,891087,897995,898693,900881,904671,908870,909477,912916,914742,915200,915517,915577,916010,917093,917830,918333,919007,919018,919463,921769,922583,923245,926240,927257,928801,929148,929283,929360,929525,930284,930934,931474,933429,935705,936831,937032,937986,940338,940398 CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9683,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-1805,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3636,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-source-3.0.101-0.7.37.1, kernel-syms-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1
all reeased