Date: Thu, 18 Jun 2020 11:19:35 +1000
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2020-10781 kernel: zram sysfs resource consumption

Gday,

A user with a local account and the ability to read the
/sys/class/zram-control/hot_add file which on each read will create a zram
device node in the /dev/ directory. This allocates kernel memory and is not
allocated to a user. Continually reading this file may consume a large amount
of system memory and cause the system OOM killer to activate, terminating
userspace processes possibly making the system inoperable.

Acknowledgement: Luca Bruno of Red Hat

Upstream discussion and patch
https://lore.kernel.org/linux-block/20200617103412.GA2027053@kroah.com/

Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1847832

Thanks,

Wade Mealing
Product Security - Kernel
Red Hat
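An exposure check for the condition described in the message above, as an added example that is not part of the original post or of any Red Hat or kernel tooling: it reports whether hot_add is readable by anyone other than its owner and counts the zram nodes currently in /dev, without ever reading hot_add itself. The function names are hypothetical, and GNU stat (`stat -c %a`) is assumed.

```shell
#!/bin/sh
# Added example: audit the precondition named in the advisory (read access
# to /sys/class/zram-control/hot_add). Only file metadata is inspected;
# hot_add is never opened, so running this creates no zram device.

# Prints "absent", "restricted" (owner-only) or "exposed" (group/other
# can read). An optional path argument is accepted for testing.
hot_add_exposure() {
    f=${1:-/sys/class/zram-control/hot_add}
    if [ ! -e "$f" ]; then
        echo absent
        return 0
    fi
    mode=$(stat -c %a "$f") || return 2   # octal mode, e.g. 444 or 400
    if [ $(( 0$mode & 044 )) -ne 0 ]; then
        echo exposed
    else
        echo restricted
    fi
}

# Counts zramN nodes in a directory (default /dev). A count that keeps
# growing without administrator action is the symptom to alert on.
count_zram_devices() {
    dir=${1:-/dev}
    n=0
    for node in "$dir"/zram[0-9]*; do
        if [ -e "$node" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

echo "hot_add: $(hot_add_exposure)"
echo "zram nodes in /dev: $(count_zram_devices)"
```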