Bug 1847832 (CVE-2020-10781) - CVE-2020-10781 kernel: zram sysfs resource consumption
Summary: CVE-2020-10781 kernel: zram sysfs resource consumption
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-10781
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1848258 1848259 1848260 1848261 1848262 1850165
Blocks: 1847650
TreeView+ depends on / blocked
 
Reported: 2020-06-17 07:37 UTC by Wade Mealing
Modified: 2022-10-02 21:47 UTC (History)
44 users (show)

Fixed In Version: Linux kernel 5.8-rc6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
Clone Of:
Environment:
Last Closed: 2021-11-08 01:19:40 UTC
Embargoed:


Attachments (Terms of Use)
Initial patch to change permissions on the file. (536 bytes, patch)
2020-06-17 08:09 UTC, Wade Mealing
no flags Details | Diff

Description Wade Mealing 2020-06-17 07:37:58 UTC
A user with a local account and the ability to read the /sys/class/zram-control/hot_add file which on each read will create a zram device node in the /dev/ directory.  This allocates kernel memory and is not allocated to a user.

Continually reading this file may consume a large amount of system memory and cause the system OOM killer to activate, terminating userspace processes possibly making the system inoperable.

Comment 2 Wade Mealing 2020-06-17 08:09:06 UTC
Created attachment 1697754 [details]
Initial patch to change permissions on the file.

Initial patch, not accepted upstream yet.

Comment 9 Wade Mealing 2020-06-18 04:47:39 UTC
Mitigation:

Changing permissions on the files within /sys will prevent regular users from being able to trigger this issue, however permissions changed within /sys do not persist between reboots and will need to be reapplied after each boot.

Comment 10 Wade Mealing 2020-06-18 06:07:46 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1848259]

Comment 13 Petr Matousek 2020-06-23 15:54:05 UTC
Acknowledgments:

Name: Luca Bruno (Red Hat)

Comment 14 Petr Matousek 2020-06-23 15:54:09 UTC
Statement:

This flaw is rated as having Low impact, because it is a denial of service only and requires the ZRAM kernel module to be loaded, which it is not the default, and oading kernel modules is a privileged operation.

Comment 17 Justin M. Forbes 2020-10-08 18:51:05 UTC
This was fixed for Fedora with the 5.7.10 stable kernel updates.


Note You need to log in before you can comment on or make changes to this bug.