oss-sec mailing list archives
CVE-2020-10781 kernel: zram sysfs resource consumption
From: Wade Mealing <wmealing () redhat com>
Date: Thu, 18 Jun 2020 11:19:35 +1000
Gday,

A user with a local account and the ability to read the /sys/class/zram-control/hot_add file will, on each read, create a zram device node in the /dev/ directory. This allocates kernel memory and is not allocated to a user. Continually reading this file may consume a large amount of system memory and cause the system OOM killer to activate, terminating userspace processes, possibly making the system inoperable.

Acknowledgement: Luca Bruno of Red Hat

Upstream discussion and patch
https://lore.kernel.org/linux-block/20200617103412.GA2027053 () kroah com/

Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1847832

Thanks,

Wade Mealing
Product Security - Kernel
Red Hat
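
A defender-side check for the condition described in the message above, as an added example that is not part of the original post or of the upstream patch. It assumes that "ability to read" means the group or other read bit is set on hot_add, that `stat -c` (GNU coreutils or BusyBox) is available, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory). Uses stat only: reading hot_add
# would itself create a zram device, so the audit must never open the file.

# Print the octal permission bits of PATH, or "absent" if it does not exist.
hot_add_mode() {
    if [ -e "$1" ]; then stat -c '%a' "$1"; else echo absent; fi
}

# Succeed (exit 0) when group or other may read PATH, i.e. when an
# unprivileged local account meets the advisory's precondition.
hot_add_exposed() {
    mode=$(hot_add_mode "$1")
    if [ "$mode" = absent ]; then return 1; fi
    # 044 (octal) masks the group-read and other-read bits.
    [ $(( 0$mode & 044 )) -ne 0 ]
}

# Count zramN nodes under DIR; an unexpectedly high or growing count is
# the visible side effect of repeated hot_add reads.
count_zram_devices() {
    n=0
    for d in "$1"/zram[0-9]*; do
        if [ -e "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Report on the real paths by default; both are overridable for testing.
audit_zram() {
    f=${1:-/sys/class/zram-control/hot_add}
    devdir=${2:-/dev}
    echo "hot_add mode: $(hot_add_mode "$f")"
    echo "zram devices: $(count_zram_devices "$devdir")"
    if hot_add_exposed "$f"; then
        echo "EXPOSED: $f is readable by group/other"
        return 1
    fi
    echo "OK: $f is absent or not readable by group/other"
}

# The report is informational here; drop "|| true" to use the exit status.
audit_zram || true
```

Sampling the device count over time and alerting on growth covers hosts where the file permissions cannot be changed immediately.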