CVE-2025-22030
📋 TL;DR
A deadlock vulnerability in the Linux kernel's zswap memory compression subsystem that can cause system hangs or crashes when CPU hotplug operations occur. Affects Linux systems with zswap enabled, particularly those with memory pressure during CPU offline events.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System-wide deadlock causing complete unresponsiveness, requiring hard reboot and potential data loss.
Likely Case
System hangs or kernel panics during CPU hotplug operations, leading to service disruption.
If Mitigated
Minor performance impact during CPU hotplug if zswap is disabled or patched.
🎯 Exploit Status
Requires local access and ability to trigger CPU hotplug events under memory pressure conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commit 717d9c35deff6c33235693171bacbb03e9643fa4 or later
Vendor Advisory: https://git.kernel.org/stable/c/717d9c35deff6c33235693171bacbb03e9643fa4
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable zswap
linuxDisable zswap memory compression feature to avoid the deadlock condition
echo 0 > /sys/module/zswap/parameters/enabled
Disable CPU hotplug
linuxPrevent CPU offline events that trigger the vulnerability
echo 0 > /sys/devices/system/cpu/cpuX/online (for each CPU)
🧯 If You Can't Patch
- Disable zswap feature completely
- Avoid CPU hotplug operations and ensure adequate memory to prevent reclaim
🔍 How to Verify
Check if Vulnerable:
Check if zswap is enabled: cat /sys/module/zswap/parameters/enabled. If returns 'Y' and kernel version is unpatched, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version includes fix commit: uname -r and verify with distribution patch notes. Also confirm zswap can be enabled without issues.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- 'BUG: scheduling while atomic' errors
- CPU offline failures in system logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
search 'kernel: BUG: scheduling while atomic' OR 'kernel: CPU.*offline' OR 'kernel: zswap' in system logs