Headline
CVE-2020-10757: DAX hugepages not considered during mremap
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Description Pedro Sampaio 2020-06-01 13:11:58 UTC
A flaw was found in the way mremap handled DAX hugepages. A local attacker could use this flaw to escalate their privileges on the system by being able to control PTEs and effectively creating physical to virtual mappings at will.
Comment 1 Petr Matousek 2020-06-03 09:54:57 UTC
Acknowledgments:
Name: Fan Yang
Comment 10 Petr Matousek 2020-06-04 11:32:11 UTC
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1843883]
Comment 16 Petr Matousek 2020-06-23 10:57:02 UTC
Statement:
This issue requires access to a DAX enabled storage.
This issue affects Red Hat Enterprise Linux 7 kernels starting with kernel-3.10.0-862, that is Red Hat Enterprise Linux 7.5 GA kernel. Red Hat Enterprise Linux 7 kernels prior to that version are not affected as they did not include the functionality that enabled this issue to be exploited.
Red Hat Product Security is aware of this issue. Updates will be released as they become available.
Comment 22 Chuck Svoboda 2020-07-21 15:33:26 UTC
Why is RHEL7 not patched? FWIW, OEL7 is patched.
Comment 30 Petr Matousek 2020-10-21 12:18:28 UTC
Mitigation:
Do not use DAX enabled storage.