CVE-2020-10781

Name	CVE-2020-10781
Description	A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2385-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.226-1	fixed
	bookworm	6.1.115-1	fixed
	bookworm (security)	6.1.112-1	fixed
	trixie	6.11.7-1	fixed
	sid	6.11.9-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
linux	source	jessie	(not affected)
linux	source	stretch	(not affected)
linux	source	buster	4.19.146-1
linux	source	(unstable)	5.7.10-1
linux-4.19	source	stretch	4.19.146-1~deb9u1	DLA-2385-1

Notes

[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
https://www.openwall.com/lists/oss-security/2020/06/18/1
https://git.kernel.org/linus/853eab68afc80f59f36bbdeb715e5c88c501e680