Happiness and joy - this bug appears to be in all distros and OFEDs. https://access.redhat.com/security/cve/CVE-2014-8159
# It was found that the Linux kernel's Infiniband subsystem # did not properly sanitize input parameters while registering # memory regions from user space via the (u)verbs API. A local # user with access to a /dev/infiniband/uverbsX device could use # this flaw to crash the system or, potentially, escalate their # privileges on the system. # # Find out more about CVE-2014-8159 from the MITRE CVE dictionary # and NIST NVD. # # Statement # # This issue does affect the Linux kernel packages as shipped # with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat # Enterprise MRG 2. Future Linux kernel updates for the # respective releases will address this issue. Of course if you use a 3rd party OFED stack you'll need to look to them for any fixes (if available). -- Christopher Samuel Senior Systems Administrator VLSCI - Victorian Life Sciences Computation Initiative Email: [email protected] Phone: +61 (0)3 903 55545 http://www.vlsci.org.au/ http://twitter.com/vlsci _______________________________________________ Beowulf mailing list, [email protected] sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
