Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K16478
HistoryApr 22, 2015 - 12:00 a.m.

K16478 : Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369

2015-04-2200:00:00
my.f5.com
11

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

Security Advisory Description

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.

Impact

There is no impact; F5 products are not affected by this vulnerability.

Related

f5 1
cvelist 3
nvd 3
debiancve 3
ubuntucve 3
cve 3
prion 3
redhat 10
nessus 53
openvas 52
centos 3
oraclelinux 15
ubuntu 16
mageia 11
cloudfoundry 2
veracode 2
securityvulns 6
fedora 2
archlinux 2
osv 1
debian 2
suse 3
f5
f5
SOL16478 - Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369
2015-04-22 00:00:00
cvelist
cvelist
CVE-2014-8369
2014-11-10 11:00:00
CVE-2014-3601
2014-09-01 01:00:00
CVE-2014-8159
2015-03-16 10:00:00
nvd
nvd
CVE-2014-8369
2014-11-10 11:55:08
CVE-2014-3601
2014-09-01 01:55:18
CVE-2014-8159
2015-03-16 10:59:01
debiancve
debiancve
CVE-2014-8369
2014-11-10 11:55:08
CVE-2014-8159
2015-03-16 10:59:01
CVE-2014-3601
2014-09-01 01:55:18
ubuntucve
ubuntucve
CVE-2014-8369
2014-11-10 00:00:00
CVE-2014-3601
2014-08-31 00:00:00
CVE-2014-8159
2014-12-31 00:00:00
cve
cve
CVE-2014-8369
2014-11-10 11:55:08
CVE-2014-8159
2015-03-16 10:59:01
CVE-2014-3601
2014-09-01 01:55:18
prion
prion
Design/Logic Flaw
2014-11-10 11:55:00
Design/Logic Flaw
2015-03-16 10:59:00
Memory corruption
2014-09-01 01:55:00
redhat
redhat
(RHSA-2015:0674) Important: kernel security and bug fix update
2015-03-11 00:00:00
(RHSA-2015:0870) Important: kernel security update
2015-04-22 00:00:00
(RHSA-2015:0919) Important: kernel security update
2015-04-30 00:00:00
nessus
nessus
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150311)
2015-03-13 00:00:00
CentOS 6 : kernel (CESA-2015:0674)
2015-03-13 00:00:00
RHEL 6 : kernel (RHSA-2015:0674)
2015-03-12 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2015:0674 centos6
2015-03-13 00:00:00
RedHat Update for kernel RHSA-2015:0674-01
2015-03-12 00:00:00
Oracle: Security Advisory (ELSA-2015-0674)
2015-10-06 00:00:00
centos
centos
kernel, perf, python security update
2015-03-12 15:31:30
kernel, perf, python security update
2015-04-01 03:22:51
kernel security update
2015-04-07 22:09:26
oraclelinux
oraclelinux
kernel security and bug fix update
2015-03-11 00:00:00
Unbreakable Enterprise kernel security update
2015-03-13 00:00:00
kernel security and bug fix update
2015-05-12 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2015-03-12 00:00:00
Linux kernel vulnerability
2015-03-12 00:00:00
Linux kernel (Trusty HWE) vulnerability
2015-03-12 00:00:00
mageia
mageia
Updated kernel & related packages provide 3.10 longterm support branch
2014-09-28 16:17:31
Updated kernel-tmb packages fix security vulnerabilities
2014-11-15 21:47:21
Updated kernel-linus packages fix security vulnerabilities
2014-11-15 21:31:46
cloudfoundry
cloudfoundry
CVE-2014-8159 - Linux Kernel Infiniband Vulnerability | Cloud Foundry
2015-03-13 00:00:00
USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-07-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:05:17
Denial Of Service (DoS)
2019-05-02 05:13:00
securityvulns
securityvulns
[USN-2530-1] Linux kernel vulnerability
2015-03-15 00:00:00
[SECURITY] [DSA 3093-1] linux security update
2014-12-11 00:00:00
[USN-2359-1] Linux kernel vulnerabilities
2014-09-29 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.0.0-0.rc4.git0.1.fc22
2015-03-22 04:43:08
[SECURITY] Fedora 21 Update: kernel-3.17.2-300.fc21
2014-11-03 05:23:10
archlinux
archlinux
linux-lts: local denial of service, privilege escalation
2014-11-17 00:00:00
linux: local denial of service, privilege escalation
2014-11-17 00:00:00
osv
osv
linux - security update
2014-12-08 00:00:00
debian
debian
[SECURITY] [DSA 3093-1] linux security update
2014-12-08 21:09:15
[SECURITY] [DSA 3093-1] linux security update
2014-12-08 21:09:15
suse
suse
Live patch for the Linux Kernel (important)
2015-09-04 12:09:23
Live patch for the Linux Kernel (important)
2015-09-04 12:16:25
Security update for the Linux Kernel (important)
2015-03-24 07:04:48

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON
Related for F5:K16478
f51cvelist3nvd3debiancve3ubuntucve3cve3prion3redhat10nessus53openvas52centos3oraclelinux15ubuntu16mageia11cloudfoundry2veracode2securityvulns6fedora2archlinux2osv1debian2suse3