cbcvebase.
CVE-2020-10781
published 2020-09-16

Priority: P421, medium; CVSS 3.1 score: 5.5
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.31% (22.8th percentile)

A flaw was found in the Linux kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. Each read allocates kernel memory that is not accounted to the user who triggers the creation of that ZRAM device. With this vulnerability, continually reading the file may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.

Affected

12 ranges

Vendor | Product | Version range | Fixed in
debian | debian_linux | |
debian | linux | < linux 5.7.10-1 (bookworm) | linux 5.7.10-1 (bookworm)
linux | linux_kernel | < 5.8.0 | 5.8.0
linux | linux_kernel | |
linux | linux_kernel | >= 0 < 5.7.10-1 | 5.7.10-1
linux | linux_kernel | >= 0 < 5.7.10-1 | 5.7.10-1
linux | linux_kernel | >= 0 < 5.7.10-1 | 5.7.10-1
linux | linux_kernel | >= 0 < 5.7.10-1 | 5.7.10-1
linux | linux_kernel | >= 0 < 4.15.0-115.116 | 4.15.0-115.116
linux | linux_kernel | >= 0 < 5.4.0-45.49 | 5.4.0-45.49
linux_kernel | kernel | |
msrc | cm1_kernel_5.4.91-3_on_cbl_mariner_1.0 | |

CVSS provenance

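Source | Version | Score | Severity | Vector
nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C
osv | | 7.8 | HIGH |
vendor_ubuntu | | 7.8 | HIGH |
vendor_debian | | 5.5 | MEDIUM |
vendor_msrc | | 5.5 | MEDIUM |
vendor_redhat | | 5.5 | MEDIUM |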