[PATCH 0/1] [SRU] [focal/linux-oem-5.6] CVE-2020-10781: zram oom
Tim Gardner
tim.gardner at canonical.com
Fri Mar 12 17:32:19 UTC 2021
[Impact]
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module,
where a user with a local account and the ability to read the
/sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/
directory. This read allocates kernel memory and is not accounted for a user
that triggers the creation of that ZRAM device. With this vulnerability,
continually reading the device may consume a large amount of system memory
and cause the Out-of-Memory (OOM) killer to activate and terminate random
userspace processes, possibly making the system inoperable.
From the Ubuntu security team:
Luca Bruno discovered that the zram module in the Linux kernel did not properly
restrict unprivileged users from accessing the hot_add sysfs file. A local
attacker could use this to cause a denial of service (memory exhaustion).
[Test Case]
none
[Potential regression]
Released in
linux-4.14.y
linux-4.19.y
linux-5.4.y
linux-5.7.y
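Since the [Test Case] above is empty, here is a permission check that can be run on an installed kernel to tell whether the zram-control hot_add attribute is still readable by unprivileged users. This is an added example and is not part of this SRU submission or of the kernel tree. It assumes that the fix for CVE-2020-10781 limits read access on hot_add to root (mode 0400 instead of the world-readable 0444 that lets the denial of service happen), that the attribute lives at /sys/class/zram-control/hot_add as the [Impact] text says, and that GNU coreutils `stat` is available; the script and function names are my own.

```shell
#!/bin/sh
# hot_add_check.sh: check whether /sys/class/zram-control/hot_add is readable
# by unprivileged users, the condition behind CVE-2020-10781.
# Added example, not part of the SRU submission or the kernel source.

# Path from the advisory text; the zram module must be loaded for it to exist.
HOT_ADD=/sys/class/zram-control/hot_add

# classify_mode MODE
#   MODE is an octal permission string as printed by `stat -c %a`
#   (for example 444, 400, or 0444). Prints "vulnerable" and returns 1 when
#   the group or other digit carries the read bit (4-7), i.e. a non-root user
#   can read the attribute and trigger device creation; otherwise prints
#   "fixed" and returns 0. Works on the string so a leading 0 is harmless.
classify_mode() {
    mode=$1
    other=${mode#"${mode%?}"}      # last octal digit: permissions for "other"
    rest=${mode%?}
    group=${rest#"${rest%?}"}      # second-to-last digit: permissions for "group"
    case "$group$other" in
        *[4-7]*) echo vulnerable; return 1 ;;
        *)       echo fixed;      return 0 ;;
    esac
}

# check_hot_add [PATH]
#   Live check against the running kernel. Prints "absent" and returns 2 when
#   the attribute does not exist (zram not loaded or not built), otherwise
#   defers to classify_mode on the attribute's current mode (GNU stat assumed).
check_hot_add() {
    path=${1:-$HOT_ADD}
    if [ ! -e "$path" ]; then
        echo absent
        return 2
    fi
    classify_mode "$(stat -c %a "$path")"
}

# Run the live check only when executed as a script, so the functions can
# also be sourced from another shell.
case "$0" in
    *hot_add_check.sh) check_hot_add ;;
esac
```

Run it as an unprivileged user after `modprobe zram`; a patched kernel prints "fixed". Do not "test" the flaw by reading hot_add in a loop as an unprivileged user on a machine you care about: as the [Impact] text says, each read allocates an unaccounted device and the OOM killer is the likely outcome.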