From 8172242781ef7cf22f9cf1b5e6c3ffa4d0052242 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Fri, 11 Apr 2014 12:56:36 +0000 Subject: retire git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3299 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2014-2739 | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 retired/CVE-2014-2739 (limited to 'retired/CVE-2014-2739') diff --git a/retired/CVE-2014-2739 b/retired/CVE-2014-2739 new file mode 100644 index 00000000..e36a9df9 --- /dev/null +++ b/retired/CVE-2014-2739 @@ -0,0 +1,17 @@ +Description: IB/core: Don't resolve passive side RoCE L2 address in CMA REQ handler +References: +Notes: + From oss-sec: + Linux kernel built with the InfiniBand communication link(CONFIG_INFINIBAND) + along with the support for Remote Direct Memory Access(RDMA) over Convered + Ethernet(RoCE), is vulnerable to a crash caused by invalid memory access. + It occurs while trying to resolve RoCE L2 address on the server side. + A remote unprivileged user/program could use this flaw to crash the kernel, + resulting in DoS. +Bugs: +upstream: released (3.14-rc4) [b2853fd6c2d0f383dbdf7427e263eb576a633867] +2.6.32-upstream-stable: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c" +sid: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c" +3.2-wheezy-security: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c" +2.6.32-squeeze-security: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c" +3.2-upstream-stable: N/A "Introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c" -- cgit v1.2.3
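Review bot: the `References:` and `Bugs:` fields in the new retired/CVE-2014-2739 file are left empty even though the `Notes:` block quotes an oss-sec advisory, so the quoted text cannot be traced to its source. Put the link to the oss-sec post under `References:` before retiring the entry. In the same quoted block, "Convered Ethernet" should read "Converged Ethernet", unless the typo is in the original post and is being kept verbatim. The five `N/A` status lines all repeat the same justification (introduced in 3.14-rc1 with dd5f03beb4f76ae65d76d8c22a8815e424fc607c, fixed upstream in 3.14-rc4), which is consistent with retiring the issue. The `3.2-upstream-stable` line sits after the `squeeze-security` line, though; moving it next to `2.6.32-upstream-stable` would keep the upstream-stable entries together and make the file easier to scan.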