A flaw was discovered in the Linux kernels implementation of infiniband for MLX5. A local attacker who is able to execute a read from the infiband device could trigger an information leak of kernel memory to userspace which can be used to further attack the system. Additional Information: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1738709]
This was fixed in Fedora with the 4.18.7 stable kernel update.
Mitigation: If the InfiniBand device is in use, there is no known mitigation for this flaw. If the InfiniBand device is not in use, the kernel module (mlx5_ib) can be blacklisted and unloaded.
This was fixed in rhel-7 in the kernel-3.10.0-1013.el7 release, earlier versions were affected.