3 Replies Latest reply on Mar 18, 2015 2:25 AM by cap_

    CVE 2014-8159 vulnerability


      Red Hat released a new kernel yesterday, and it seems that there is a local root hole in the (u)verbs implementation. Has anyone figured out whether MLNX OFED is affected as well?


      It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159,


        • Re: CVE 2014-8159 vulnerability
          Seems that MLNX_OFED-2.4 does not have this check, so it's time to patch and rebuild IB drivers :-(

          diff -ur linux-2.6.32-504.8.1.el6/drivers/infiniband/core/umem.c linux-2.6.32-504.12.2.el6/drivers/infiniband/core/umem.c

          --- linux-2.6.32-504.8.1.el6/drivers/infiniband/core/umem.c     2014-12-19 18:31:21.000000000 +0200

          +++ linux-2.6.32-504.12.2.el6/drivers/infiniband/core/umem.c    2015-02-01 18:24:27.000000000 +0200

          @@ -92,6 +92,14 @@

                  if (dmasync)

                          dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);


          +       /*

          +        * If the combination of the addr and size requested for this memory

          +        * region causes an integer overflow, return error.

          +        */

          +       if ((PAGE_ALIGN(addr + size) <= size) ||

          +           (PAGE_ALIGN(addr + size) <= addr))

          +               return ERR_PTR(-EINVAL);


                  if (!can_do_mlock())

                          return ERR_PTR(-EPERM);
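
Review bot: the added test `if ((PAGE_ALIGN(addr + size) <= size) || (PAGE_ALIGN(addr + size) <= addr))` compares with `<=`, so besides wraparound it also rejects a zero-length request whenever addr is already page-aligned (PAGE_ALIGN(addr) == addr), while a zero-length request at an unaligned addr passes. If size == 0 is meant to fail, an explicit `if (!size)` test would make that consistent and self-documenting. The overflow intent stated in the comment would also be easier to audit if written directly as `(addr + size) < addr || PAGE_ALIGN(addr + size) < (addr + size)`, which names the two wrap cases (the sum and the round-up) separately. This assumes addr and size are unsigned types, which the hunk does not show.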