CVE-2025-39941
📋 TL;DR
A race condition in the Linux kernel's zram driver allows parallel writes to the same memory slot to leak zsmalloc handles, potentially causing memory corruption or denial of service. This affects systems using zram (compressed RAM-based block devices) on vulnerable Linux kernel versions. Attackers with local access could exploit this to degrade system stability.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Memory corruption leading to kernel panic, system crash, or potential privilege escalation through memory manipulation.
Likely Case
Memory leaks causing gradual performance degradation, system instability, or denial of service through resource exhaustion.
If Mitigated
Minimal impact if proper access controls limit local user privileges and zram usage is restricted.
🎯 Exploit Status
Exploitation requires local access and knowledge of zram operations; race conditions can be difficult to reliably trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits ce4be9e4307c5a60701ff6e0cafa74caffdc54ce and ff750e9f2c4d63854c33967d1646b5e89a9a19a2
Vendor Advisory: https://git.kernel.org/stable/c/ce4be9e4307c5a60701ff6e0cafa74caffdc54ce
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Disable zram
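Disable zram compression if not required, eliminating the vulnerable component.
# Turns off all swap, including zram-backed swap
sudo swapoff -a
sudo rmmod zram
# If a systemd unit sets up zram at boot, find it and disable it by name
systemctl list-unit-files '*zram*'
sudo systemctl disable <zram-unit>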
Restrict local access
Limit local user privileges and access to reduce attack surface.
sudo useradd -r -s /sbin/nologin restricteduser
sudo chmod 700 /dev/zram*
🧯 If You Can't Patch
- Disable zram functionality completely if not essential for system operation.
- Implement strict access controls to limit which users/processes can interact with zram devices.
🔍 How to Verify
Check if Vulnerable:
Check whether zram is loaded with lsmod | grep zram, then compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
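Verify that the kernel source includes the fix commits. Run this in the git tree the running kernel was built from; it prints full hashes, because --oneline abbreviates them and would never match the full commit IDs: git log --format=%H | grep -E 'ce4be9e4307c5a60701ff6e0cafa74caffdc54ce|ff750e9f2c4d63854c33967d1646b5e89a9a19a2'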
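An exposure check to go with the steps above, as an added example that is not part of the original advisory: it reports whether zram is in use as swap, merely present, or absent, reading /proc/swaps and /sys/block so that a built-in driver, which lsmod does not list, is also caught. The function names are hypothetical, and the paths are parameters so the logic can be run against sample files.

```sh
#!/bin/sh
# Added example (not from the advisory): classify zram exposure on a host.
# Function names are hypothetical; paths default to the live system.

# zram_swap_devices [SWAPS_FILE]
# Prints every /dev/zramN listed as active swap.
zram_swap_devices() {
    swaps="${1:-/proc/swaps}"
    # Line 1 of /proc/swaps is a header; column 1 is the device path.
    awk 'NR > 1 && $1 ~ /^\/dev\/zram[0-9]+$/ { print $1 }' "$swaps" 2>/dev/null
}

# zram_block_devices [SYS_BLOCK_DIR]
# Prints the name of every zram block device the kernel has created.
# This also covers a built-in driver, which lsmod does not list.
zram_block_devices() {
    sysblock="${1:-/sys/block}"
    for d in "$sysblock"/zram*; do
        # An unmatched glob stays literal, so test that the entry exists.
        [ -e "$d" ] && basename "$d"
    done
    return 0
}

# zram_exposure [SWAPS_FILE] [SYS_BLOCK_DIR]
# Prints one of:
#   in-use   a zram device is active swap (the write path is exercised)
#   present  a zram device exists but is not swap (may back a filesystem)
#   absent   no zram device exists
zram_exposure() {
    if [ -n "$(zram_swap_devices "$1")" ]; then
        echo "in-use"
    elif [ -n "$(zram_block_devices "$2")" ]; then
        echo "present"
    else
        echo "absent"
    fi
}

# Report for the local host, alongside the kernel version to compare
# against the patched versions.
echo "kernel: $(uname -r)  zram: $(zram_exposure)"
```

A result of "in-use" or "present" on a kernel without the fix commits means the host should be patched or have zram disabled as described above.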
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to zram or memory allocation
- System logs showing unexpected crashes or performance degradation when zram is active
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("zram" OR "memory leak" OR "kernel panic")