CVE-2025-39941
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-39941, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-04

Last updated on: 2025-10-06

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this: CPU0 CPU1 zram_slot_lock() zs_free(handle) zram_slot_lock() zram_slot_lock() zs_free(handle) zram_slot_lock() compress compress handle = zs_malloc() handle = zs_malloc() zram_slot_lock zram_set_handle(handle) zram_slot_lock zram_slot_lock zram_set_handle(handle) zram_slot_lock Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done too early. In fact, we need to reset zram entry right before we set its new handle, all under the same slot lock scope.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-04
Last Modified
2025-10-06
Generated
2026-07-06
AI Q&A
2025-10-04
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the Linux kernel's zram module where parallel concurrent writes to the same zram index cause leaked zsmalloc handles. The issue occurs because zs_free() is called too early during concurrent operations, leading to one of the handles being leaked. The fix involves resetting the zram entry right before setting its new handle, all within the same slot lock scope to prevent the race condition.

Impact Analysis

The vulnerability can lead to leaked memory handles (zsmalloc handles) due to race conditions during concurrent writes in the zram module. This can cause resource leaks, potentially degrading system performance or stability over time if the leaked handles accumulate.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39941. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart