Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2020-10781

Published: 16/09/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux

Vulnerability Summary

A flaw was found in the Linux Kernel prior to 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

linux linux kernel 5.8.0

debian debian linux 9.0

Vendor Advisories

Amazon Linux 2: ALAS2KERNEL-5.4-2022-014
A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel An attacker, able to send invalid SHA type commands, could cause the system to crash The highest threat from this vulnerability is to system availability (CVE-2019-18808) A flaw was found in the Linux kernel The CX23888 Integrated Consumer Infrared Controller prob ...
Amazon Linux 2: ALAS2-2020-1480
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_bufferc in the Linux kernel before 539 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3 (CVE-2019-19061) A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmic in the Linux kernel through 53 ...

Mailing Lists

Full Disclosure: CVE-2020-10781 kernel: zram sysfs resource consumption
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2020-10781 kernel: zram sysfs resource consumption <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Wade Meali ...

References

CWE-732https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=853eab68afc80f59f36bbdeb715e5c88c501e680https://www.openwall.com/lists/oss-security/2020/06/18/1https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10781https://lists.debian.org/debian-lts-announce/2020/09/msg00025.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-014.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook