CVE-2025-21693 — Use After Free in Linux
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 93.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 10
Latest updateApr 23
Description
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: properly synchronize freeing resources during CPU hotunplug
In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the
current CPU at the beginning of the operation is retrieved and used
throughout. However, since neither preemption nor migration are disabled,
it is possible that the operation continues on a different CPU.
If the original CPU is hotunplugged while the acomp_ctx is still in use,
we run…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages17 packages
Patches
🔴Vulnerability Details
4OSV▶
linux, linux-aws, linux-gcp, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oracle, linux-raspi, linux-realtime vulnerabilities↗2025-04-23
GHSA▶
GHSA-jqr2-rwpf-xrf3: In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: properly synchronize freeing resources during CPU hotunplug
In zswap_↗2025-02-10
OSV▶
CVE-2025-21693: In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_co↗2025-02-10
📋Vendor Advisories
5Debian▶
CVE-2025-21693: linux - In the Linux kernel, the following vulnerability has been resolved: mm: zswap: ...↗2025