CVE-2025-39941
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39941
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39941.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-39941
- Downstream
- Published
- 2025-10-04T07:31:04Z
- Modified
- 2025-10-22T16:33:47.315384Z
- Summary
- zram: fix slot write race condition
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
zram: fix slot write race condition
Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this:
CPU0 CPU1 zramslotlock() zsfree(handle) zramslotlock() zramslotlock() zsfree(handle) zramslotlock()
compress compress handle = zsmalloc() handle = zsmalloc() zramslotlock zramsethandle(handle) zramslotlock zramslotlock zramsethandle(handle) zramslotlock
Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done too early. In fact, we need to reset zram entry right before we set its new handle, all under the same slot lock scope.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced71268035f5d734ad6373d953298bd5779985497aFixedff750e9f2c4d63854c33967d1646b5e89a9a19a2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced71268035f5d734ad6373d953298bd5779985497aFixedce4be9e4307c5a60701ff6e0cafa74caffdc54ce