CVE-2025-39941: Race Condition in Linux

CWE-362: Race Condition
5 documents, 5 sources
Severity: 4.7 MEDIUM (NVD)
EPSS: 0.0% (top 98.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 4

Description

In the Linux kernel, the following vulnerability has been resolved:

zram: fix slot write race condition

Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this:

    CPU0                        CPU1
    zram_slot_lock()
    zs_free(handle)
    zram_slot_lock()
                                zram_slot_lock()
                                zs_free(handle)
                                zram_slot_lock()

    compress                    compress
    handle = zs_malloc()        handle = zs_malloc()
    zram_slot_lock
    zram_set_handle(handle)
    zram_slot_lock
                                zram_slot_lock
                                zram_set_handle(handl

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

NVD: linux/linux_kernel 6.14 6.16.9 +1
Debian: linux/linux_kernel < 6.16.9-1
CVEListV5: linux/linux 71268035f5d734ad6373d953298bd5779985497a ff750e9f2c4d63854c33967d1646b5e89a9a19a2 +2
debian: debian/linux < linux 6.16.9-1 (forky)

Patches

🔴 Vulnerability Details (2)

OSV (2025-10-04)
CVE-2025-39941: In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram in
GHSA (2025-10-04)
GHSA-mjg7-65xv-hcjw: In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram

📋 Vendor Advisories (2)

Red Hat (2025-10-04)
kernel: zram: fix slot write race condition
Debian (2025)
CVE-2025-39941: linux - In the Linux kernel, the following vulnerability has been resolved: zram: fix s...