CVE-2020-10781

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10781

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=853eab68afc80f59f36bbdeb715e5c88c501e680

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

https://www.openwall.com/lists/oss-security/2020/06/18/1

Details

Source: MITRE

Published: 2020-09-16

Updated: 2020-09-28

Type: CWE-400

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.8.0:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.8.0:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.8.0:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.8.0:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.8.0:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.8.0:rc5:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
151229EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-2040)NessusHuawei Local Security Checks
high
147512EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)NessusHuawei Local Security Checks
high
146474SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)NessusSuSE Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
144244EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)NessusHuawei Local Security Checks
high
141396Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)NessusOracle Linux Local Security Checks
high
140933Debian DLA-2385-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
140588Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5848)NessusOracle Linux Local Security Checks
medium
140500Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5844)NessusOracle Linux Local Security Checks
medium
140499Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)NessusOracle Linux Local Security Checks
critical
140378SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1)NessusSuSE Local Security Checks
medium
140328EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1958)NessusHuawei Local Security Checks
high
140183Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1)NessusUbuntu Local Security Checks
high
140181Ubuntu 18.04 LTS / 20.04 : Linux kernel vulnerabilities (USN-4483-1)NessusUbuntu Local Security Checks
high
139995EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892)NessusHuawei Local Security Checks
high
139858Amazon Linux 2 : kernel (ALAS-2020-1480)NessusAmazon Linux Local Security Checks
medium
139766openSUSE Security Update : the Linux Kernel (openSUSE-2020-1236)NessusSuSE Local Security Checks
medium
139401openSUSE Security Update : the Linux Kernel (openSUSE-2020-1153)NessusSuSE Local Security Checks
critical
139363SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2122-1)NessusSuSE Local Security Checks
critical
139361SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2119-1)NessusSuSE Local Security Checks
critical
139310SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2107-1)NessusSuSE Local Security Checks
critical
139308SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1)NessusSuSE Local Security Checks
medium
139137EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807)NessusHuawei Local Security Checks
high