CVE-2025-22030

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A deadlock vulnerability has been identified in the Linux kernel, specifically in the zswap component. The issue arises from the zswap cpu comp dead() function calling crypto free acomp() while holding the per-CPU acomp ctx mutex, which can lead to a deadlock scenario. This occurs when crypto alloc acomp node() holds the scomp lock and attempts to allocate memory, potentially resulting in a reclaim operation that tries to hold the per-CPU acomp ctx mutex. The vulnerability can cause an ABBA deadlock in certain scenarios.

Recommendations To resolve this issue, the crypto free acomp() call in zswap cpu comp dead() should be moved after the mutex is unlocked. Additionally, the acomp request free() and kfree() calls should be moved for consistency and to avoid potential subtle locking dependencies in the future. It is also recommended to move the NULL check on acomp ctx to take place before the mutex dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.