Johannes Weiner

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free bug was introduced in the Linux kernel when the switch to the crypto acomp API was made for hardware acceleration in zswap. The issue occurs because the per-CPU acomp ctx is retrieved and used throughout the operation in zswap compress() and zswap decompress(), but neither preemption nor migration is disabled, allowing the operation to continue on a different CPU. If the original CPU is hotunplugged while the acomp ctx is still in use, resources attached to it are freed, causing the bug. The problem was resolved by using acomp ctx.mutex to synchronize CPU hotplug callbacks with compression/decompression paths. **Recommendations** To resolve the issue, ensure that the Linux kernel is updated to a version that includes the fix for the use-after-free bug in zswap. As a temporary workaround, consider disabling the `zswap compress()` and `zswap decompress()` functions until a patch is available. Restrict access to the vulnerable `acomp ctx` to minimize the risk of exploitation. Avoid using the `acomp ctx.req` variable in the affected compression/decompression paths until the issue is resolved. Apply the synchronization mechanism using `acomp ctx.mutex` to prevent the use-after-free bug. Update the Linux kernel to the latest version that includes the fix for the zswap use-after-free vulnerability.