Linux · Linux Kernel · CVE-2020-10781
**Name of the Vulnerable Software and Affected Versions**
Linux Kernel versions prior to 5.8-rc6
**Description**
The issue is in the ZRAM kernel module: a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This action allocates kernel memory that is not accounted to the user who triggered it, which can lead to a large consumption of system memory. Continual reading of the device may cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, which could make the system inoperable.
**Recommendations**
For Linux Kernel versions prior to 5.8-rc6, consider restricting access to the /sys/class/zram-control/hot_add file to prevent unauthorized creation of ZRAM device nodes. As a temporary workaround, limit the ability of local users to read this file until a patch is available. Additionally, monitor system memory usage closely to detect potential exploitation attempts.
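
The access restriction and monitoring recommended above can be verified with a short audit script. This is an added example, not part of the original advisory; the function names, the environment variable names and the device-count threshold of 4 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a host for the zram hot_add exposure.
# Function names and the default threshold are illustrative assumptions.

# Exit 0 if FILE grants read to group or other, 1 if not, 2 if absent
# (absent usually means the zram module is not loaded).
hot_add_exposed() {
    [ -e "$1" ] || return 2
    _mode=$(ls -ld "$1" | cut -c1-10)      # e.g. "-r--r--r--"
    case "$_mode" in
        ????r*|???????r*) return 0 ;;      # char 5 = group read, char 8 = other read
    esac
    return 1
}

# Print how many zramN nodes exist under DIR (default /dev).
count_zram_devices() {
    _n=0
    for _p in "${1:-/dev}"/zram[0-9]*; do
        if [ -e "$_p" ]; then _n=$((_n + 1)); fi
    done
    echo "$_n"
}

# Report findings; exit status 1 if anything needs attention.
audit_zram() {
    _rc=0
    if hot_add_exposed "$1"; then
        echo "FINDING: $1 is readable by users other than its owner"
        _rc=1
    fi
    _count=$(count_zram_devices "$2")
    if [ "$_count" -gt "$3" ]; then
        echo "FINDING: $_count zram devices under $2 (expected at most $3)"
        _rc=1
    fi
    return "$_rc"
}

# Live check; override the paths or threshold through the environment.
audit_zram "${HOT_ADD:-/sys/class/zram-control/hot_add}" \
           "${DEV_DIR:-/dev}" "${MAX_ZRAM:-4}" \
    || echo "zram audit: review the findings above" >&2
```

Run it periodically (for example from cron) alongside memory monitoring, and set the threshold to the number of zram devices the host is expected to have.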