PT-2020-5968 · Linux+4 · Linux Kernel+4
Luca Bruno · Published 2020-06-18 · Updated 2022-11-07 · CVE-2020-10781
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux Kernel versions prior to 5.8-rc6
Description
The issue is in the ZRAM kernel module: a user with a local account who can read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This allocates kernel memory that is not accounted to the user, potentially leading to a large consumption of system memory. Continual reading of the device may trigger the Out-of-Memory (OOM) killer, which terminates random userspace processes and could make the system inoperable.
Recommendations
For Linux Kernel versions prior to 5.8-rc6, consider restricting access to the /sys/class/zram-control/hot_add file to prevent unauthorized creation of ZRAM device nodes. As a temporary workaround, limit the ability of local users to read this file until a patch is available. Additionally, monitor system memory usage closely to detect potential exploitation attempts.
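The checks from the recommendations above, as an added example that is not part of the original advisory: a shell audit that reports whether `hot_add` is readable by users other than its owner and how many zram devices currently exist. The function names and the `/sys/block` default are assumptions of this example; both functions accept an alternative path so they can be run against constructed files.

```shell
#!/bin/sh
# Added example: defensive audit for the zram hot_add exposure (CVE-2020-10781).
# HOT_ADD is the sysfs file named in the advisory; /sys/block is assumed to be
# where zramN devices are listed. Requires GNU stat (standard on Linux).
HOT_ADD=/sys/class/zram-control/hot_add

# Print "absent", "restricted" or "exposed" for the given hot_add file.
# Returns 1 only when group or other users hold the read bit.
hot_add_exposure() {
    path=${1:-$HOT_ADD}
    if [ ! -e "$path" ]; then
        echo absent; return 0                  # zram module not loaded
    fi
    mode=$(stat -c '%a' "$path") || return 2   # octal mode, e.g. 400 or 444
    other=$((mode % 10))
    group=$((mode / 10 % 10))
    if [ $((other & 4)) -ne 0 ] || [ $((group & 4)) -ne 0 ]; then
        echo exposed; return 1
    fi
    echo restricted
}

# Count zramN entries in a directory; an unexpectedly growing count is a
# signal worth alerting on alongside memory usage.
zram_device_count() {
    dir=${1:-/sys/block}
    n=0
    for d in "$dir"/zram[0-9]*; do
        if [ -e "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# One-line report; returns non-zero when hot_add is exposed.
zram_audit() {
    rc=0
    state=$(hot_add_exposure "${1:-}") || rc=$?
    echo "hot_add: $state, zram devices: $(zram_device_count "${2:-}")"
    return "$rc"
}

zram_audit || echo "action needed: restrict $HOT_ADD to root or update the kernel"
```

Run it from cron or a configuration-management check and alert on an `exposed` result or a rising device count.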
Fix
Incorrect Permission
Resource Exhaustion
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Linuxmint
Suse
Ubuntu