CVE-2020-10757

Exploit

EPSS 0.41%
Veröffentlicht 09.06.2020 13:15:10
Zuletzt bearbeitet 21.11.2024 04:56:00
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.227

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.184

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.127

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.45

Linux ≫ Linux Kernel Version >= 5.5 < 5.6.17

Linux ≫ Linux Kernel Version >= 5.7 < 5.7.1

Opensuse ≫ Leap Version15.1

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Mrg Version2.0

Fedoraproject ≫ Fedora Version31

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Cloud Backup Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.605

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Patch

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4439-1/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2020/dsa-4698

Third Party Advisory

https://usn.ubuntu.com/4440-1/