CVE-2020-10757

Description

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.71%• Percentile: 73%

Techniques & Countermeasures

• CWE-119•Improper Restriction of Operations within the Bounds of a Memory Buffer

  The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

• CWE-843•Access of Resource Using Incompatible Type ('Type Confusion')

  The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Affected Systems

• canonical•ubuntu_linux

  16.04 | 18.04 | 20.04

• debian•debian_linux

  8.0

• fedoraproject•fedora

  31

• linux•linux_kernel

  ≥ 4.5, < 4.9.227 | ≥ 4.10, < 4.14.184 | ≥ 4.15, < 4.19.127 | ≥ 4.20, < 5.4.45 | ≥ 5.5, < 5.6.17 | ≥ 5.7, < 5.7.1

• netapp•active_iq_unified_manager

  na

• netapp•cloud_backup

  na

• netapp•steelstore_cloud_integrated_storage

  na

• opensuse•leap

  15.1

• redhat•enterprise_linux

  7.0 | 8.0

• redhat•enterprise_mrg

  2.0

References (13)

• https://www.openwall.com/lists/oss-security/2020/06/04/4
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
• https://bugzilla.redhat.com/show_bug.cgi?id=1842525
• https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
• https://www.debian.org/security/2020/dsa-4698
• https://www.debian.org/security/2020/dsa-4699
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
• https://security.netapp.com/advisory/ntap-20200702-0004/
• https://usn.ubuntu.com/4439-1/
• https://usn.ubuntu.com/4426-1/
• https://usn.ubuntu.com/4440-1/
• https://usn.ubuntu.com/4483-1/