1847832 – (CVE-2020-10781) CVE-2020-10781 kernel: zram sysfs resource consumption

Bug 1847832 (CVE-2020-10781) - CVE-2020-10781 kernel: zram sysfs resource consumption

Summary: CVE-2020-10781 kernel: zram sysfs resource consumption

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-10781
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	Engineering1848258 1848259 Engineering1848260 Engineering1848261 Engineering1848262 Engineering1850165
Blocks:	Embargoed1847650
TreeView+	depends on / blocked

Reported:	2020-06-17 07:37 UTC by Wade Mealing
Modified:	2022-10-02 21:47 UTC (History)
CC List:	44 users (show)
Fixed In Version:	Linux kernel 5.8-rc6
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
Clone Of:
Environment:
Last Closed:	2021-11-08 01:19:40 UTC

Attachments	(Terms of Use)
Initial patch to change permissions on the file. (536 bytes, patch) 2020-06-17 08:09 UTC, Wade Mealing	no flags	Details \| Diff
View All

Description Wade Mealing 2020-06-17 07:37:58 UTC

A user with a local account and the ability to read the /sys/class/zram-control/hot_add file which on each read will create a zram device node in the /dev/ directory.  This allocates kernel memory and is not allocated to a user.

Continually reading this file may consume a large amount of system memory and cause the system OOM killer to activate, terminating userspace processes possibly making the system inoperable.

Comment 2 Wade Mealing 2020-06-17 08:09:06 UTC

Created attachment 1697754 [details]
Initial patch to change permissions on the file.

Initial patch, not accepted upstream yet.

Comment 9 Wade Mealing 2020-06-18 04:47:39 UTC

Mitigation:

Changing permissions on the files within /sys will prevent regular users from being able to trigger this issue, however permissions changed within /sys do not persist between reboots and will need to be reapplied after each boot.

Comment 10 Wade Mealing 2020-06-18 06:07:46 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1848259]

Comment 13 Petr Matousek 2020-06-23 15:54:05 UTC

Acknowledgments:

Name: Luca Bruno (Red Hat)

Comment 14 Petr Matousek 2020-06-23 15:54:09 UTC

Statement:

This flaw is rated as having Low impact, because it is a denial of service only and requires the ZRAM kernel module to be loaded, which it is not the default, and oading kernel modules is a privileged operation.

Comment 16 Petr Matousek 2020-09-14 11:44:32 UTC

External References:

https://www.openwall.com/lists/oss-security/2020/06/18/1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=853eab68afc80f59f36bbdeb715e5c88c501e680

Comment 17 Justin M. Forbes 2020-10-08 18:51:05 UTC

This was fixed for Fedora with the 5.7.10 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bhu
blc
bmasney
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jlelli
john.j5live
jonathan
josef
jross
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
masami256
mchehab
mcressma
mjg59
mlangsdo
nmurray
ptalbert
qzhao
rt-maint
rvrbovsk
steved
williams