A flaw was discovered in the Linux kernel's implementation of InfiniBand for MLX5. A local attacker who is able to execute a read from the InfiniBand device could trigger an information leak of kernel memory to userspace, which can be used to further attack the system.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1738709]
This was fixed in Fedora with the 4.18.7 stable kernel update.
If the InfiniBand device is in use, there is no known mitigation for this flaw. If the InfiniBand device is not in use, the kernel module (mlx5_ib) can be blacklisted and unloaded.
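A way to check whether that mitigation is in place on a host, as an added example that is not part of the original report: it reads the module's use count from `/proc/modules` and looks for a `blacklist mlx5_ib` line under `/etc/modprobe.d`. The function names and status strings are assumptions made for this example, and the demo data is constructed.

```bash
#!/bin/sh
# Added example: report whether the mlx5_ib mitigation (blacklist + unload)
# is in place. Function names and status strings are illustrative.

# Print the use count of module $2 from a /proc/modules-format file $1;
# print nothing if the module is not loaded.
module_refcount() {
    awk -v m="$2" '$1 == m { print $3 }' "$1"
}

# Succeed if any *.conf file in directory $1 has a "blacklist $2" line.
is_blacklisted() {
    grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$2([[:space:]]|\$)" "$1"/*.conf
}

# Print one of: mitigated | unloaded-not-blacklisted | loaded-idle | loaded-in-use
mitigation_status() {
    modules=${1:-/proc/modules} confdir=${2:-/etc/modprobe.d} mod=${3:-mlx5_ib}
    refs=$(module_refcount "$modules" "$mod")
    if [ -z "$refs" ]; then
        if is_blacklisted "$confdir" "$mod"; then
            echo mitigated
        else
            echo unloaded-not-blacklisted   # nothing stops a later autoload
        fi
    elif [ "$refs" -eq 0 ]; then
        echo loaded-idle      # no users: can be unloaded with modprobe -r
    else
        echo loaded-in-use    # device in use: only the kernel update helps
    fi
}

# Demo on constructed sample data (not taken from a real host).
demo=$(mktemp -d)
printf 'mlx5_ib 262144 0 - Live 0x0000000000000000\n' > "$demo/modules"
printf 'mlx5_core 1048576 1 mlx5_ib, Live 0x0000000000000000\n' >> "$demo/modules"
mitigation_status "$demo/modules" "$demo"
rm -rf "$demo"
```

Called with no arguments, `mitigation_status` reads the live `/proc/modules` and `/etc/modprobe.d`.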
This was fixed in rhel-7 in the kernel-3.10.0-1013.el7 release; earlier versions were affected.