LiveActive security incident?Get immediate response
CVE Record

CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock (through crypto_exit_scomp_ops_async()). On the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through crypto_scomp_init_tfm()), and then allocates memory. If the allocation results in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex. The above dependencies can cause an ABBA deadlock. For example in the following scenario: (1) Task A running on CPU #1: crypto_alloc_acomp_node() Holds scomp_lock Enters reclaim Reads per_cpu_ptr(pool->acomp_ctx, 1) (2) Task A is descheduled (3) CPU #1 goes offline zswap_cpu_comp_dead(CPU #1) Holds per_cpu_ptr(pool->acomp_ctx, 1)) Calls crypto_free_acomp() Waits for scomp_lock (4) Task A running on CPU #2: Waits for per_cpu_ptr(pool->acomp_ctx, 1) // Read on CPU #1 DEADLOCK Since there is no requirement to call crypto_free_acomp() with the per-CPU acomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is unlocked. Also move the acomp_request_free() and kfree() calls for consistency and to avoid any potential sublte locking dependencies in the future. With this, only setting acomp_ctx fields to NULL occurs with the mutex held. This is similar to how zswap_cpu_comp_prepare() only initializes acomp_ctx fields with the mutex held, after performing all allocations before holding the mutex. Opportunistically, move the NULL check on acomp_ctx so that it takes place before the mutex dereference.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2025-22030 is a Linux kernel zswap locking bug that can deadlock the system during memory reclaim and CPU offline handling. The available sources describe a reliability and availability risk, not data theft or remote code execution. Severity is not scored in the bundle, so business urgency depends on whether affected kernels and zswap-related workloads are present.

Executive priority

Handle through normal kernel patch governance unless affected systems are business-critical, heavily memory-constrained, or depend on CPU hotplug operations. There is no cited active exploitation, but a kernel deadlock can still create service interruption, so prioritize validation and vendor-supported updates over emergency response.

Technical view

The issue is an ABBA deadlock between zswap_cpu_comp_dead() holding a per-CPU acomp_ctx mutex while calling crypto_free_acomp(), and crypto_alloc_acomp_node() holding scomp_lock before memory allocation and reclaim. The fix moves crypto_free_acomp(), acomp_request_free(), and kfree() outside the mutex-held section, leaving only NULL field updates protected.

Likely exposure

Exposure appears limited to Linux systems running affected kernel versions with zswap code paths reachable, especially where CPU offline events and memory reclaim can interact. The bundle lists affected Linux versions including 6.13, 6.12.23, 6.13.11, 6.14.2, and 6.15, but distribution backport status must be verified separately.

Exploitation context

The provided sources do not show active exploitation, public exploit availability, or KEV listing. The described scenario is a kernel deadlock condition requiring specific timing around allocation, reclaim, zswap compression context locking, and CPU offline handling. Treat it primarily as an availability risk until vendor scoring or exploitation evidence says otherwise.

Researcher notes

The source record is unusually sparse: no CVSS, no CWE, and no explicit threat model beyond the locking scenario. The strongest evidence is the kernel fix rationale. Research should focus on affected kernel lineage, distro backports, zswap enablement, and whether CPU hotplug plus reclaim is plausible in monitored environments.

Mitigation direction

  • Check your Linux distribution advisory for fixed kernel packages or backports.
  • Update affected kernels to vendor-supported builds containing the stable zswap fix.
  • Prioritize systems using zswap, memory pressure, or CPU hotplug/offline workflows.
  • If patching is delayed, follow vendor guidance for zswap-related risk reduction.
  • Track kernel stable commit inclusion across fleet kernel versions.

Validation and detection

  • Inventory kernel versions across Linux hosts and compare against vendor fixed builds.
  • Check whether zswap is enabled or operationally relied upon on each host class.
  • Review uptime, kernel logs, and monitoring for unexplained hangs under memory pressure.
  • Confirm patched kernels include one of the referenced stable fixes or downstream backport.
  • Retest representative workloads involving memory pressure after kernel updates.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2025-22030 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
5Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux8d29ff5d50304daa41dc3cfdda4a9d1e46cf5be1, 12dcb0ef540629a281533f9dedc1b6b8e14cfb65, 12dcb0ef540629a281533f9dedc1b6b8e14cfb65, 12dcb0ef540629a281533f9dedc1b6b8e14cfb65, 6.12.12unaffected
LinuxLinux6.13, 0, 6.12.23, 6.13.11, 6.14.2, 6.15affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.