Red Hat released a new kernel yesterday, and it seems that there is a local root hole in the (u)verbs implementation. Has anyone figured out whether MLNX OFED is affected as well?
It was found that the Linux kernel’s Infiniband subsystem did not
properly sanitize input parameters while registering memory regions from
user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-8159,
Seems that MLNX_OFED-2.4 does not have this check, so it's time to patch and rebuild IB drivers :-(
diff -ur linux-2.6.32-504.8.1.el6/drivers/infiniband/core/umem.c linux-2.6.32-504.12.2.el6/drivers/infiniband/core/umem.c
— linux-2.6.32-504.8.1.el6/drivers/infiniband/core/umem.c 2014-12-19 18:31:21.000000000 +0200
+++ linux-2.6.32-504.12.2.el6/drivers/infiniband/core/umem.c 2015-02-01 18:24:27.000000000 +0200
@@ -92,6 +92,14 @@
Thanks for the heads up!
Mellanox has released an updated version of the 2.4-1 release to address the issue:
Mellanox Products: Mellanox OpenFabrics Enterprise Distribution for Linux (MLNX_OFED) http://www.mellanox.com/page/products_dyn?product_family=26&mtag=linux_sw_drivers
I noticed that while Mellanox reported the problem to Red Hat (promptly fixed), the upstream Linux kernel and OFED seem out of the loop (or at least not fixing). I base this on the patch being missing from both Linux git master and ofed-3.18-daily.
Also, the available CVE info at NVD and MITRE is missing lots of information (most significantly that most everybody using IB is vulnerable until updated).