CVE-2025-39941

by Fred · 04/10/2025

In the Linux kernel, the following vulnerability has been resolved:

zram: fix slot write race condition

Parallel concurrent writes to the same zram index result in leaked
zsmalloc handles. Schematically we can have something like this:

CPU0 CPU1
zram_slot_lock()
zs_free(handle)
zram_slot_lock()
zram_slot_lock()
zs_free(handle)
zram_slot_lock()

compress compress
handle = zs_malloc() handle = zs_malloc()
zram_slot_lock
zram_set_handle(handle)
zram_slot_lock
zram_slot_lock
zram_set_handle(handle)
zram_slot_lock

Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done
too early. In fact, we need to reset zram entry right before we set its
new handle, all under the same slot lock scope.

More information : https://git.kernel.org/stable/c/ce4be9e4307c5a60701ff6e0cafa74caffdc54ce

CVE-2025-39941

Similar

Recent Posts

Categories

CVE-2025-39941

Share this:

Similar

Recent Posts

Categories

Tags