CVE-2020-10757

7.8 HIGH

📋 TL;DR

This vulnerability in the Linux kernel allows local attackers with access to DAX-enabled storage to escalate privileges on the system. It affects Linux kernel versions after 4.5-rc1 where DAX (Direct Access) functionality is enabled for persistent memory devices. The flaw specifically occurs in how the kernel handles memory remapping of DAX huge pages.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: After 4.5-rc1, up to the patched version
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when DAX (Direct Access) functionality is enabled for persistent memory devices like Intel Optane DC Persistent Memory. Most standard configurations without DAX are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker gains full root privileges on the system, potentially compromising all data and services.
🟠 Likely Case: Privilege escalation from a standard user account to root, enabling complete system control.
🟢 If Mitigated: Limited impact if DAX functionality is disabled or if systems are properly segmented with minimal local user access.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access.
🏢 Internal Only: HIGH - Any local user with access to DAX storage can potentially exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and DAX-enabled storage. Proof-of-concept code has been published in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commit 5bfea2d9b17f1034a68147a8b03b9789af5700f9 and subsequent releases

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1842525

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. For Red Hat/CentOS: yum update kernel
3. For Debian/Ubuntu: apt update && apt upgrade linux-image
4. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable DAX functionality

linux

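Disable DAX (Direct Access) for persistent memory devices if it is not required. The string disable_dax is not a directive that modprobe.d recognises (its directives are keywords such as alias, blacklist, install and options), so after the reboot confirm that no filesystem is still mounted with the dax option.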

echo 'disable_dax' >> /etc/modprobe.d/disable-dax.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Restrict local user access to systems with DAX-enabled storage
  • Implement strict privilege separation and limit sudo/root access

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r. If the version is between 4.5-rc1 and the patched version, and DAX is enabled, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version is updated beyond the vulnerable range, and check /proc/cmdline or dmesg for DAX status.
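The check described above, written out as an added example (not code from the advisory or the kernel project): it reads a mount table in /proc/mounts format, reports filesystems mounted with a DAX option, and combines that with the 4.5 lower bound. The function names and result strings are assumptions made for this example, the sample mount table is constructed, and device-DAX nodes are outside its scope.

```shell
#!/bin/sh
# Added example: filesystem-DAX exposure triage for CVE-2020-10757.

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS='/dev/pmem0 /mnt/pmem ext4 rw,relatime,dax 0 0
/dev/pmem1 /mnt/scratch xfs rw,noatime,dax=never 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0'

# Read /proc/mounts-format lines on stdin and print "mountpoint fstype option"
# for every mount whose options enable DAX or allow it per file (dax=inode).
# dax=never is skipped.
dax_mounts() {
    awk '{
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "dax" || opt[i] == "dax=always" || opt[i] == "dax=inode")
                print $2, $3, opt[i]
    }'
}

# Succeed when a `uname -r` style release is 4.5 or later, the lower bound the
# advisory gives. The upper bound is not a version number here: distribution
# kernels backport fixes, so confirm the fix from the package changelog.
kernel_at_least_4_5() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 5 ]; }
}

# Classify a host from its release string ($1) and its mount table (stdin).
dax_exposure() {
    if [ -z "$(dax_mounts)" ]; then
        echo "no-dax-mounts"
    elif kernel_at_least_4_5 "$1"; then
        echo "needs-fix-check"   # DAX in use: confirm the advisory's fix commit is present
    else
        echo "before-4.5"
    fi
}

# Demo on the constructed sample; on a real host use:
#   dax_exposure "$(uname -r)" < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | dax_mounts
printf '%s\n' "$SAMPLE_MOUNTS" | dax_exposure 5.4.0-42-generic
```

A result of needs-fix-check means DAX is in use on a kernel inside the advisory's lower bound, so the remaining step is to confirm that the installed kernel package includes the fix commit listed under Official Fix.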

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Suspicious mremap operations in kernel logs

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

source="kernel" AND ("mremap" OR "DAX" OR "privilege escalation")
