A user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create a zram device node in the /dev/ directory on each read. This allocates kernel memory that is not allocated to a user.
Continually reading this file may consume a large amount of system memory and cause the system OOM killer to activate, terminating userspace processes and possibly making the system inoperable.
Created attachment 1697754
Initial patch to change permissions on the file.
Initial patch, not accepted upstream yet.
Changing permissions on the files within /sys will prevent regular users from being able to trigger this issue; however, permissions changed within /sys do not persist between reboots and will need to be reapplied after each boot.
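One way to apply and verify the mitigation described above, as an added example that is not part of the bug report or the attached patch. The function names, the `ZRAM_CONTROL_DIR` override and the owner-only mode 0400 are assumptions made for this sketch; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit and restrict the zram hot_add control file.
# ZRAM_CONTROL_DIR is a hypothetical override so the logic can be exercised
# against a scratch directory; the default is the path named in the report.
ZRAM_CONTROL_DIR="${ZRAM_CONTROL_DIR:-/sys/class/zram-control}"

# Succeeds (status 0) when an octal mode grants read to group or other.
mode_allows_nonowner_read() {
    m=$1
    [ $(( 0$m & 044 )) -ne 0 ]
}

# Returns: 0 = hot_add is owner-only after the call,
#          1 = mode could not be read or changed,
#          2 = file absent (zram module not loaded, nothing to restrict).
restrict_hot_add() {
    f="$ZRAM_CONTROL_DIR/hot_add"
    [ -e "$f" ] || return 2
    cur=$(stat -c %a "$f") || return 1
    if mode_allows_nonowner_read "$cur"; then
        echo "hot_add mode $cur is readable by non-owners; restricting" >&2
        # 0400 is this example's assumed target mode (owner read only).
        chmod 0400 "$f" || return 1
    fi
    # Re-read the mode so the caller learns whether the change took effect.
    cur=$(stat -c %a "$f") || return 1
    ! mode_allows_nonowner_read "$cur"
}

# Only act when explicitly asked, so sourcing this file has no side effects.
case "${1:-}" in
    --apply) restrict_hot_add; exit $? ;;
esac
```

Because sysfs permissions reset on reboot, the script has to run as root with `--apply` on every boot, after the zram module has been loaded.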
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1848259]
Name: Luca Bruno (Red Hat)
This flaw is rated as having Low impact because it is a denial of service only and requires the ZRAM kernel module to be loaded, which is not the default, and loading kernel modules is a privileged operation.