Incomplete data at nvd for CVE-2014-8159 (infiniband / verbs)

[Peter Kjellström <cap () nsc liu se>]

My first post and it may not even be the right place so sorry in
advance...

Not entirely sure what to expect from the nvd site for a CVE like this
(about 1 week old counting from redhats advisory) but information is at
best incomplete at:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8159

Here are a few problems with the info:

 * rhel6 / 2.6.32 is listed as impacted (but already the linked bz
   expands this to rhel5 and rhel7.
 * In fact this bug (as I understand it) is in all versions of the
   verbs kernel module except some point in 3.19.xxx and rhel6 updates.
   Affected list grows to:
    1) other distributions building kernel with infiniband/verbs enabled
    2) other distributions providing "external" infiniband/verbs modules
    3) other sources providing 3rd party infiniband/verbs modules
 * I know that Mellanox (found under 3 above) has released an update
   (MLNX_OFED 2.4-1) that fixes the issue, but this info is missing.
   https://community.mellanox.com/message/4401#4401

If this was not the correct place to contribute/fix information maybe
someone can point me in the correct direction.

/Peter K