oss-sec mailing list archives

CVE-2020-10781 kernel: zram sysfs resource consumption


From: Wade Mealing <wmealing () redhat com>
Date: Thu, 18 Jun 2020 11:19:35 +1000

Gday,

A user with a local account and the ability to read the
/sys/class/zram-control/hot_add file will, on each read, create a
zram device node in the /dev/ directory.  This allocates kernel memory
and is not allocated to a user.

Continually reading this file may consume a large amount of system
memory and cause the system OOM killer to activate, terminating
userspace processes, possibly making the system inoperable.

Acknowledgement:
Luca Bruno of Red Hat

Upstream discussion and patch
https://lore.kernel.org/linux-block/20200617103412.GA2027053@kroah.com/

Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1847832

Thanks,

Wade Mealing

Product Security - Kernel
Red Hat
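
A host-side check for the condition described in the message above, as an added example that is not part of the original post or of any Red Hat or kernel tooling. It assumes a POSIX shell with ls and cut; the function names are hypothetical, and the script only inspects file metadata and the list of existing zram block devices.

```shell
#!/bin/sh
# Added example, not from the advisory. It inspects metadata only and never
# reads hot_add, because each read of that file creates a new zram device.

# hot_add_exposed PATH (hypothetical helper)
# Returns 0 if group or others may read PATH, 1 if not, 2 if PATH is absent.
hot_add_exposed() {
    path=$1
    [ -e "$path" ] || return 2
    mode=$(ls -ld -- "$path" | cut -c1-10)    # e.g. "-r--r--r--"
    group_r=$(printf '%s' "$mode" | cut -c5)
    other_r=$(printf '%s' "$mode" | cut -c8)
    if [ "$group_r" = "r" ] || [ "$other_r" = "r" ]; then
        return 0
    fi
    return 1
}

# count_zram_devices DIR (hypothetical helper)
# Prints how many zramN entries exist under DIR (normally /sys/block).
count_zram_devices() {
    n=0
    for d in "$1"/zram[0-9]*; do
        if [ -e "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# zram_audit [CONTROL_FILE] [BLOCK_DIR]
# Reports exposure and the current device count; returns the exposure code.
zram_audit() {
    ctl=${1:-/sys/class/zram-control/hot_add}
    blk=${2:-/sys/block}
    rc=0
    hot_add_exposed "$ctl" || rc=$?
    case $rc in
        0) echo "EXPOSED: $ctl is readable by group or others" ;;
        1) echo "OK: $ctl is not readable by group or others" ;;
        2) echo "N/A: $ctl not present" ;;
    esac
    echo "zram devices present: $(count_zram_devices "$blk")"
    return "$rc"
}

zram_audit || true
```

A device count that keeps growing between runs on a host reporting EXPOSED is the symptom to alert on.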

