A flaw was found in the way mremap handled DAX hugepages. A local attacker could use this flaw to escalate their privileges on the system by being able to control PTEs and effectively creating physical to virtual mappings at will.
Acknowledgments: Name: Fan Yang
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1843883]
External References: https://www.openwall.com/lists/oss-security/2020/06/04/4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
Statement: This issue requires access to a DAX enabled storage. This issue affects Red Hat Enterprise Linux 7 kernels starting with kernel-3.10.0-862, that is Red Hat Enterprise Linux 7.5 GA kernel. Red Hat Enterprise Linux 7 kernels prior to that version are not affected as they did not include the functionality that enabled this issue to be exploited. Red Hat Product Security is aware of this issue. Updates will be released as they become available.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3010 https://access.redhat.com/errata/RHSA-2020:3010
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3016 https://access.redhat.com/errata/RHSA-2020:3016
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10757
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3041 https://access.redhat.com/errata/RHSA-2020:3041
Why is RHEL7 not patched? FWIW, OEL7 is patched.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3220 https://access.redhat.com/errata/RHSA-2020:3220
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3221 https://access.redhat.com/errata/RHSA-2020:3221
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3222 https://access.redhat.com/errata/RHSA-2020:3222
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:3226 https://access.redhat.com/errata/RHSA-2020:3226
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:3598 https://access.redhat.com/errata/RHSA-2020:3598
Mitigation: Do not use DAX enabled storage.