ACK: [PATCH 0/1] [SRU] [focal/linux-oem-5.6] CVE-2020-10781: zram oom
Stefan Bader
stefan.bader at canonical.com
Mon Mar 15 10:33:54 UTC 2021
On 12.03.21 18:32, Tim Gardner wrote:
> [Impact]
> A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module,
> where a user with a local account and the ability to read the
> /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/
> directory. This read allocates kernel memory and is not accounted for a user
> that triggers the creation of that ZRAM device. With this vulnerability,
> continually reading the device may consume a large amount of system memory
> and cause the Out-of-Memory (OOM) killer to activate and terminate random
> userspace processes, possibly making the system inoperable.
>
> From the Ubuntu security team:
> Luca Bruno discovered that the zram module in the Linux kernel did not properly
> restrict unprivileged users from accessing the hot_add sysfs file. A local
> attacker could use this to cause a denial of service (memory exhaustion).
>
> [Test Case]
> none
>
> [Potential regression]
> Released in
> linux-4.14.y
> linux-4.19.y
> linux-5.4.y
> linux-5.7.y
>
>
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210315/93fb57c0/attachment.sig>
More information about the kernel-team
mailing list