A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

🗓️ 25 Sep 2020 00:00:00Reported by MicrosoftType

Linux kernel flaw after 4.5-rc1 allows local attackers with Direct Access storage to escalate privileges via mremap.

Reporter	Title	Published	Views	Family All 359
IBM Security Bulletins	Security Bulletin: Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus	20 Nov 202020:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.	7 Jul 202210:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to Using Components with Known Vulnerabilities	30 Oct 202016:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	2 Feb 202105:06	–	ibm
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2020-1465)	23 Jul 202000:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-012)	2 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2020-1401)	20 Jul 202000:00	–	nessus
Tenable Nessus	CentOS 7 : kernel (RHSA-2020:3220)	31 Jul 202000:00	–	nessus
Tenable Nessus	Debian DLA-2242-1 : linux-4.9 security update	11 Jun 202000:00	–	nessus
Tenable Nessus	Debian DSA-4698-1 : linux - security update	11 Jun 202000:00	–	nessus

Vulners

Node

25 Sep 2020 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 26.9

CVSS 3.17.8

EPSS0.01