CVE-2020-10757: 
Linux Kernel vulnerability analysis and mitigation

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. The vulnerability was discovered by Fan Yang and assigned CVE-2020-10757. The issue was introduced in commit 5c7fb56 ("mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pmd") and fixed in June 2020 (Kernel Git).

The vulnerability exists because the mremap implementation did not properly handle DAX (Direct Access) Huge Pages. The condition to handle a huge PMD (Page Middle Directory) in movepagetables only checked for swappmd or pmdtrans_huge, but did not account for DAX mapped files which are mapped as huge pages but are not transparent huge pages. This caused the huge PMD not to be split, resulting in the physical page being incorrectly treated as a page table when it was actually a 2MB data page (OpenWall).

This vulnerability allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. The attacker could effectively control PTEs (Page Table Entries) and create physical to virtual mappings at will (NVD).

The vulnerability was patched in Linux kernel version 5.6.16 and backported to various stable kernel versions. The fix involves modifying the condition in movepagetables to also check for pmddevmap when handling huge pages. For systems that cannot be immediately patched, the recommended workaround is to avoid using DAX enabled storage ([Red Hat Bugzilla](https://bugzilla.redhat.com/showbug.cgi?id=1842525)).