CVE-2025-21693
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's zswap memory compression subsystem allows local attackers to potentially crash the system or execute arbitrary code. The issue occurs during CPU hotunplug operations when compression/decompression resources are improperly synchronized. This affects Linux systems with zswap enabled and CPU hotplug capabilities.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise and potential data exfiltration.
Likely Case
Kernel panic or system crash causing denial of service, potentially leading to data loss or service disruption.
If Mitigated
Minimal impact if zswap is disabled or CPU hotplug is not used in production environments.
🎯 Exploit Status
Exploitation requires local access and ability to trigger CPU hotplug events while zswap operations are in progress. Race condition makes timing challenging.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 12dcb0ef540629a281533f9dedc1b6b8e14cfb65 and 8d29ff5d50304daa41dc3cfdda4a9d1e46cf5be1
Vendor Advisory: https://git.kernel.org/stable/c/12dcb0ef540629a281533f9dedc1b6b8e14cfb65
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Check with your Linux distribution for backported patches.
3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable zswap
Disable the zswap memory compression feature to eliminate the vulnerability vector
echo 0 > /sys/module/zswap/parameters/enabled
Disable CPU hotplug
Prevent CPU hotunplug operations that trigger the race condition
echo 0 > /sys/devices/system/cpu/cpuX/online (for each CPU)
🧯 If You Can't Patch
- Disable zswap completely in kernel boot parameters (add 'zswap.enabled=0' to kernel command line)
- Restrict local user access to prevent potential exploitation by untrusted users
🔍 How to Verify
Check if Vulnerable:
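Check kernel version and if zswap is enabled (the last command prints Y when zswap is enabled, even if zswap does not appear on the kernel command line):
uname -r; grep zswap /proc/cmdline; cat /sys/module/zswap/parameters/enabled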
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes the fix commits: run uname -r and compare the result against the patched versions published by your distribution vendor.
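The two preconditions this page names (zswap enabled, CPU hotplug available) can be checked together. The script below is an added example, not part of the original advisory; the `zswap_exposure` function name, its result strings and the `SYSFS_ROOT` override are assumptions introduced here. It does not determine whether the fix commits are present, which still requires the vendor check above.

```shell
#!/bin/sh
# Added example: report whether zswap is enabled and whether any CPU
# on this host can be hot-unplugged. Result strings are illustrative.

zswap_exposure() {
    root="${1:-/sys}"
    param="$root/module/zswap/parameters/enabled"

    # The parameter file is absent when the kernel has no zswap support.
    if [ ! -r "$param" ]; then
        echo "not-built"
        return 0
    fi

    # Boolean module parameters read back as Y or N.
    case "$(cat "$param")" in
        Y|y|1) ;;
        *) echo "zswap-disabled"; return 0 ;;
    esac

    # A per-CPU "online" file exists only for CPUs that support hotplug.
    hotplug=0
    for f in "$root"/devices/system/cpu/cpu[0-9]*/online; do
        if [ -e "$f" ]; then
            hotplug=$((hotplug + 1))
        fi
    done

    if [ "$hotplug" -gt 0 ]; then
        echo "exposed-unless-patched hotpluggable_cpus=$hotplug"
    else
        echo "zswap-enabled-no-hotplug"
    fi
}

# SYSFS_ROOT is a hypothetical override used for testing; default is /sys.
zswap_exposure "${SYSFS_ROOT:-/sys}"
```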
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Oops messages related to zswap or acomp_ctx
- CPU hotplug events in system logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for kernel panic or oops messages containing 'zswap', 'acomp_ctx', or use-after-free errors
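One way to run the search described above over kernel log text, as an added example that is not part of the original advisory. The `zswap_uaf_hits` name, the 40-line correlation window and the sample log lines are constructed for illustration; feed it real input with, for example, `journalctl -k` or `dmesg`.

```shell
#!/bin/sh
# Added example: flag kernel log lines that match this page's log indicators.
# Reads kernel log text on stdin and prints "<line number>: <line>" per hit.

zswap_uaf_hits() {
    awk '
        # Fault markers: oops/panic headers and KASAN use-after-free reports.
        /Oops|Kernel panic|BUG:|general protection fault|use-after-free/ { fault = NR }
        # Subsystem markers named on this page.
        /zswap|acomp_ctx/ {
            # Count the marker only on, or within 40 lines after, a fault
            # header, so routine zswap boot messages are not reported.
            if (fault && NR - fault <= 40) { print NR ": " $0; hits++ }
        }
        END { exit (hits ? 0 : 1) }   # exit status 0 only when something matched
    '
}

# Constructed sample log (not taken from a real system).
sample_log() {
cat <<'EOF'
[    2.000000] zswap: loaded using pool lzo/zbud
[  101.000001] smpboot: CPU 3 is now offline
[  101.000250] BUG: KASAN: slab-use-after-free in zswap_decompress+0x1a0/0x2c0
[  101.000260] Read of size 8 at addr ffff888000000000 by task kswapd0/57
[  101.000300] Call Trace:
[  101.000310]  zswap_load+0x90/0x1b0
[  300.000000] EXT4-fs (sda1): mounted filesystem
EOF
}

sample_log | zswap_uaf_hits
```

A hit that closely follows a CPU offline message, as in the sample, lines up with the hotplug indicator listed above and is worth escalating.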