CVE-2020-10781
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/09/2020
Last modified:
07/11/2023
Description
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.8.0 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:5.8.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.8.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.8.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.8.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.8.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.8.0:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10781
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=853eab68afc80f59f36bbdeb715e5c88c501e680
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://www.openwall.com/lists/oss-security/2020/06/18/1