Unrated severityNVD Advisory· Published Oct 4, 2025

zram: fix slot write race condition

CVE-2025-39941

Description

In the Linux kernel, the following vulnerability has been resolved:

Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this:

CPU0 CPU1 zram_slot_lock() zs_free(handle) zram_slot_lock() zram_slot_lock() zs_free(handle) zram_slot_lock()

compress compress handle = zs_malloc() handle = zs_malloc() zram_slot_lock zram_set_handle(handle) zram_slot_lock zram_slot_lock zram_set_handle(handle) zram_slot_lock

Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done too early. In fact, we need to reset zram entry right before we set its new handle, all under the same slot lock scope.

Affected products

Linux/Kernelllm-fuzzy
Linux/Linuxv5
Range: 6.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000