Vulnerabilities > CVE-2020-10757 - Type Confusion vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0102_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-08 modified 2020-06-07 plugin id 137200 published 2020-06-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137200 title Photon OS 3.0: Linux PHSA-2020-3.0-0102 NASL family Fedora Local Security Checks NASL id FEDORA_2020-203FFEDEB5.NASL description The 5.6.16 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-13 modified 2020-06-12 plugin id 137380 published 2020-06-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137380 title Fedora 31 : kernel (2020-203ffedeb5) NASL family Fedora Local Security Checks NASL id FEDORA_2020-07F0BE216F.NASL description The 5.6.16 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2020-06-08 plugin id 137210 published 2020-06-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137210 title Fedora 32 : kernel (2020-07f0be216f) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2242.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. CVE-2019-19462 The syzbot tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137339 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137339 title Debian DLA-2242-1 : linux-4.9 security update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0251_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-07 modified 2020-06-06 plugin id 137195 published 2020-06-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137195 title Photon OS 2.0: Linux PHSA-2020-2.0-0251 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4698.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-2182 Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. - CVE-2019-5108 Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. - CVE-2019-19319 Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. - CVE-2019-19462 The syzbot tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137340 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137340 title Debian DSA-4698-1 : linux - security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4699.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled. This could lead to disclosure of sensitive information within a guest VM. - CVE-2019-19462 The syzkaller tool found a missing error check in the last seen 2020-06-12 modified 2020-06-11 plugin id 137341 published 2020-06-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137341 title Debian DSA-4699-1 : linux - security update
Redhat
advisories |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1842525
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/
- https://security.netapp.com/advisory/ntap-20200702-0004/
- https://usn.ubuntu.com/4426-1/
- https://usn.ubuntu.com/4439-1/
- https://usn.ubuntu.com/4440-1/
- https://usn.ubuntu.com/4483-1/
- https://www.debian.org/security/2020/dsa-4698
- https://www.debian.org/security/2020/dsa-4699
- https://www.openwall.com/lists/oss-security/2020/06/04/4
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- https://www.openwall.com/lists/oss-security/2020/06/04/4
- https://www.debian.org/security/2020/dsa-4699
- https://www.debian.org/security/2020/dsa-4698
- https://usn.ubuntu.com/4483-1/
- https://usn.ubuntu.com/4440-1/
- https://usn.ubuntu.com/4439-1/
- https://usn.ubuntu.com/4426-1/
- https://security.netapp.com/advisory/ntap-20200702-0004/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
- https://bugzilla.redhat.com/show_bug.cgi?id=1842525