CVE-2025-22030: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock (through crypto_exit_scomp_ops_async()). On the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through crypto_scomp_init_tfm()), and then allocates memory. If the allocation results in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex. The above dependencies can cause an ABBA deadlock. For example in the following scenario: (1) Task A running on CPU #1: crypto_alloc_acomp_node() Holds scomp_lock Enters reclaim Reads per_cpu_ptr(pool->acomp_ctx, 1) (2) Task A is descheduled (3) CPU #1 goes offline zswap_cpu_comp_dead(CPU #1) Holds per_cpu_ptr(pool->acomp_ctx, 1)) Calls crypto_free_acomp() Waits for scomp_lock (4) Task A running on CPU #2: Waits for per_cpu_ptr(pool->acomp_ctx, 1) // Read on CPU #1 DEADLOCK Since there is no requirement to call crypto_free_acomp() with the per-CPU acomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is unlocked. Also move the acomp_request_free() and kfree() calls for consistency and to avoid any potential sublte locking dependencies in the future. With this, only setting acomp_ctx fields to NULL occurs with the mutex held. This is similar to how zswap_cpu_comp_prepare() only initializes acomp_ctx fields with the mutex held, after performing all allocations before holding the mutex. Opportunistically, move the NULL check on acomp_ctx so that it takes place before the mutex dereference.
AI Analysis
Technical Summary
CVE-2025-22030 is a concurrency vulnerability in the Linux kernel's memory management subsystem, specifically within the zswap feature that compresses pages in memory to improve performance. The vulnerability arises from a potential deadlock scenario involving the crypto subsystem's asynchronous compression context (acomp_ctx) management. The function zswap_cpu_comp_dead() holds a per-CPU mutex (acomp_ctx mutex) and calls crypto_free_acomp(), which in turn attempts to acquire the scomp_lock mutex. Conversely, crypto_alloc_acomp_node() acquires scomp_lock first and may trigger memory reclaim that attempts to acquire the per-CPU acomp_ctx mutex. This lock acquisition order inversion (ABBA deadlock) can cause tasks to deadlock when CPUs go offline or during memory reclaim operations. The fix involves moving the call to crypto_free_acomp() outside the per-CPU mutex lock in zswap_cpu_comp_dead(), ensuring that the mutexes are not held simultaneously in conflicting order. Additionally, the patch moves acomp_request_free() and kfree() calls for consistency and reduces the risk of subtle future locking issues. This vulnerability is a classic deadlock scenario caused by improper lock ordering in kernel code, which can lead to system hangs or degraded performance due to stalled kernel threads or CPU offline operations.
Potential Impact
For European organizations relying on Linux-based systems, especially those using kernels with the affected zswap implementation, this vulnerability could lead to system instability or hangs during CPU offline events or under memory pressure conditions. This can affect servers, cloud infrastructure, and embedded devices running Linux kernels with the vulnerable code. The deadlock does not appear to allow privilege escalation or direct data compromise but can cause denial of service (DoS) by freezing kernel threads or preventing CPUs from going offline cleanly. This can impact availability of critical services, particularly in data centers or cloud environments where Linux is prevalent. Organizations with high availability requirements or those running large-scale Linux deployments may experience operational disruptions. However, since exploitation requires specific kernel conditions and is not known to be exploited in the wild, the immediate risk is moderate but should be addressed proactively.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2025-22030. Kernel maintainers have resolved the deadlock by reordering lock acquisition and freeing operations in the zswap and crypto subsystems. Until patches are applied, organizations can mitigate risk by minimizing CPU offline events and memory pressure scenarios that trigger reclaim operations involving crypto_alloc_acomp_node(). Monitoring kernel logs for signs of deadlock or CPU offline failures can help detect attempts to trigger this issue. For custom or embedded Linux distributions, backporting the patch is recommended. Additionally, thorough testing of kernel updates in staging environments is advised to ensure stability. Organizations should also review kernel configuration options related to zswap and crypto to understand exposure and consider disabling zswap if it is not critical to their workloads, as a temporary workaround.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2025-22030: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock (through crypto_exit_scomp_ops_async()). On the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through crypto_scomp_init_tfm()), and then allocates memory. If the allocation results in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex. The above dependencies can cause an ABBA deadlock. For example in the following scenario: (1) Task A running on CPU #1: crypto_alloc_acomp_node() Holds scomp_lock Enters reclaim Reads per_cpu_ptr(pool->acomp_ctx, 1) (2) Task A is descheduled (3) CPU #1 goes offline zswap_cpu_comp_dead(CPU #1) Holds per_cpu_ptr(pool->acomp_ctx, 1)) Calls crypto_free_acomp() Waits for scomp_lock (4) Task A running on CPU #2: Waits for per_cpu_ptr(pool->acomp_ctx, 1) // Read on CPU #1 DEADLOCK Since there is no requirement to call crypto_free_acomp() with the per-CPU acomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is unlocked. Also move the acomp_request_free() and kfree() calls for consistency and to avoid any potential sublte locking dependencies in the future. With this, only setting acomp_ctx fields to NULL occurs with the mutex held. This is similar to how zswap_cpu_comp_prepare() only initializes acomp_ctx fields with the mutex held, after performing all allocations before holding the mutex. Opportunistically, move the NULL check on acomp_ctx so that it takes place before the mutex dereference.
AI-Powered Analysis
Technical Analysis
CVE-2025-22030 is a concurrency vulnerability in the Linux kernel's memory management subsystem, specifically within the zswap feature that compresses pages in memory to improve performance. The vulnerability arises from a potential deadlock scenario involving the crypto subsystem's asynchronous compression context (acomp_ctx) management. The function zswap_cpu_comp_dead() holds a per-CPU mutex (acomp_ctx mutex) and calls crypto_free_acomp(), which in turn attempts to acquire the scomp_lock mutex. Conversely, crypto_alloc_acomp_node() acquires scomp_lock first and may trigger memory reclaim that attempts to acquire the per-CPU acomp_ctx mutex. This lock acquisition order inversion (ABBA deadlock) can cause tasks to deadlock when CPUs go offline or during memory reclaim operations. The fix involves moving the call to crypto_free_acomp() outside the per-CPU mutex lock in zswap_cpu_comp_dead(), ensuring that the mutexes are not held simultaneously in conflicting order. Additionally, the patch moves acomp_request_free() and kfree() calls for consistency and reduces the risk of subtle future locking issues. This vulnerability is a classic deadlock scenario caused by improper lock ordering in kernel code, which can lead to system hangs or degraded performance due to stalled kernel threads or CPU offline operations.
Potential Impact
For European organizations relying on Linux-based systems, especially those using kernels with the affected zswap implementation, this vulnerability could lead to system instability or hangs during CPU offline events or under memory pressure conditions. This can affect servers, cloud infrastructure, and embedded devices running Linux kernels with the vulnerable code. The deadlock does not appear to allow privilege escalation or direct data compromise but can cause denial of service (DoS) by freezing kernel threads or preventing CPUs from going offline cleanly. This can impact availability of critical services, particularly in data centers or cloud environments where Linux is prevalent. Organizations with high availability requirements or those running large-scale Linux deployments may experience operational disruptions. However, since exploitation requires specific kernel conditions and is not known to be exploited in the wild, the immediate risk is moderate but should be addressed proactively.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2025-22030. Kernel maintainers have resolved the deadlock by reordering lock acquisition and freeing operations in the zswap and crypto subsystems. Until patches are applied, organizations can mitigate risk by minimizing CPU offline events and memory pressure scenarios that trigger reclaim operations involving crypto_alloc_acomp_node(). Monitoring kernel logs for signs of deadlock or CPU offline failures can help detect attempts to trigger this issue. For custom or embedded Linux distributions, backporting the patch is recommended. Additionally, thorough testing of kernel updates in staging environments is advised to ensure stability. Organizations should also review kernel configuration options related to zswap and crypto to understand exposure and consider disabling zswap if it is not critical to their workloads, as a temporary workaround.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-29T08:45:45.808Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9831c4522896dcbe7ebc
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/3/2025, 7:56:54 PM
Last updated: 8/5/2025, 6:33:42 PM
Views: 36
Related Threats
CVE-2025-8822: Stack-based Buffer Overflow in Linksys RE6250
HighCVE-2025-8821: OS Command Injection in Linksys RE6250
MediumCVE-2025-8817: Stack-based Buffer Overflow in Linksys RE6250
HighCVE-2025-8820: Stack-based Buffer Overflow in Linksys RE6250
HighCVE-2025-8819: Stack-based Buffer Overflow in Linksys RE6250
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.