Bug 1842525 (CVE-2020-10757)
Summary: | CVE-2020-10757 kernel: kernel: DAX hugepages not considered during mremap | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, airlied, aquini, bhu, blc, bmasney, brdeoliv, bskeggs, csvoboda, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, jmoyer, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, pmatouse, ptalbert, qzhao, rt-maint, rvrbovsk, security-response-team, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-21 13:28:00 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1843429, 1843430, 1843431, 1843432, 1843433, 1843434, 1843435, 1843436, 1843437, 1843438, 1843439, 1843440, 1843441, 1843442, 1843443, 1843444, 1843445, 1843446, 1843447, 1843448, 1843883 | ||
Bug Blocks: | 1842526 |
Description
Pedro Sampaio
2020-06-01 13:11:58 UTC
Acknowledgments: Name: Fan Yang Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1843883] External References: https://www.openwall.com/lists/oss-security/2020/06/04/4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9 Statement: This issue requires access to a DAX enabled storage. This issue affects Red Hat Enterprise Linux 7 kernels starting with kernel-3.10.0-862, that is Red Hat Enterprise Linux 7.5 GA kernel. Red Hat Enterprise Linux 7 kernels prior to that version are not affected as they did not include the functionality that enabled this issue to be exploited. Red Hat Product Security is aware of this issue. Updates will be released as they become available. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3010 https://access.redhat.com/errata/RHSA-2020:3010 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3016 https://access.redhat.com/errata/RHSA-2020:3016 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10757 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3041 https://access.redhat.com/errata/RHSA-2020:3041 Why is RHEL7 not patched? FWIW, OEL7 is patched. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3220 https://access.redhat.com/errata/RHSA-2020:3220 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3221 https://access.redhat.com/errata/RHSA-2020:3221 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3222 https://access.redhat.com/errata/RHSA-2020:3222 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:3226 https://access.redhat.com/errata/RHSA-2020:3226 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:3598 https://access.redhat.com/errata/RHSA-2020:3598 Mitigation: Do not use DAX enabled storage. |