retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3299 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 17 insertions, 0 deletions

diff --git a/retired/CVE-2014-2739 b/retired/CVE-2014-2739
new file mode 100644
index 00000000..e36a9df9
--- /dev/null
+++ b/retired/CVE-2014-2739
@@ -0,0 +1,17 @@
+Description: IB/core: Don't resolve passive side RoCE L2 address in CMA REQ handler
+References:
+Notes:
+ From oss-sec:
+ Linux kernel built with the InfiniBand communication link(CONFIG_INFINIBAND)
+ along with the support for Remote Direct Memory Access(RDMA) over Convered
+ Ethernet(RoCE), is vulnerable to a crash caused by invalid memory access.
+ It occurs while trying to resolve RoCE L2 address on the server side.
+ A remote unprivileged user/program could use this flaw to crash the kernel,
+ resulting in DoS.
+Bugs:
+upstream: released (3.14-rc4) [b2853fd6c2d0f383dbdf7427e263eb576a633867]
+2.6.32-upstream-stable: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c"
+sid: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c"
+3.2-wheezy-security: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c"
+2.6.32-squeeze-security: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c"
+3.2-upstream-stable: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c"