CVE-2025-21860

Summary

CVE-2025-21860: A vulnerability was discovered in the Linux kernel's zswap feature. When zswap fails to store an entire folio, it skips charging zswap entries for those pages. However, when freeing zswap entries for those pages, zswap_entry_free() uncharges previously uncharged entries, leading to inconsistent zswap charging. This inconsistency results in two warnings and an issue with zswap_stored_pages. The issue was resolved by charging zswap entries within zswap_store_page() when it succeeds, ensuring that zswap_entry_free() decrements the counter and uncharges entries when it fails. This fix eliminates the warnings. [ [[email protected]: Refactor zswap_store_page()] Link: https://lkml.kernel.org/r/[email protected]] Inconsistent zswap charging occurs when zswap fails to store an entire folio and skips charging entries for those pages. Upon attempting to free zswap entries for these pages, zswap_entry_free() uncharges previously uncharged entries, leading to inconsistent zswap charging. This issue results in two warnings and an inconsistency with zswap_stored_pages. The vulnerability was addressed by charging zswap entries within zswap_store_page() when it succeeds, ensuring that zswap_entry_free() decrements the counter and uncharges entries when it fails. This resolution eliminates the warnings. [ [[email protected]: Refactor zswap_store_page()] Link: https://lkml.kernel.org/r/[email protected]] A vulnerability, identified as CVE-2025-21860, was found in the Linux kernel's zswap functionality. When zswap fails to store an entire folio, it bypasses charging zswap entries for those pages. During the process of freeing zswap entries for these pages, zswap_entry_free() uncharges previously uncharged entries, leading to inconsistent zswap charging. This inconsistency manifests as two warnings and a problem with zswap_stored_pages. The vulnerability was remedied by charging zswap entries within zswap_store_page() when it is successful, ensuring that zswap_entry_free() decrements the counter and uncharges entries when it fails. This solution eliminates the warnings. [ [[email protected]: Refactor zswap_store_page()] Link: https://lkml.kernel.org/r/[email protected]] The Linux kernel's zswap feature suffered from a vulnerability, CVE-2025-21860. When zswap fails to store an entire folio, it neglects to charge zswap entries for those pages. In the process of freeing zswap entries for these pages, zswap_entry_free() uncharges previously uncharged entries, leading to inconsistent zswap charging. This inconsistency results in two warnings and an issue with zswap_stored_pages. By charging zswap entries within zswap_store_page() upon success, zswap_entry_free() can decrement the counter and uncharge entries when it fails, thus resolving the issue and eliminating the warnings. [ [[email protected]: Refactor zswap_store_page()] Link: https://lkml.kernel.org/r/[email protected]] A Linux kernel vulnerability, CVE-2025-21860, was reported in the zswap functionality. When zswap fails to store an entire folio, it omits charging zswap entries for those pages. During the process of freeing zswap entries for these pages, zswap_entry_free() uncharges previously uncharged entries, leading to inconsistent zswap charging. This inconsistency causes two warnings and a problem with zswap_stored_pages. The issue was resolved by charging zswap entries within zswap_store_page() upon success, enabling zswap_entry_free() to decrement the counter and uncharge entries when it fails, thereby eliminating the warnings. [ [[email protected]: Refactor zswap_store_page()] Link: https://lkml.kernel.org/r/[email protected]] CVE-2025-21860 refers to a vulnerability discovered in the Linux kernel's zswap functionality. When zswap fails to store an entire folio, it bypasses charging zswap entries for those pages. In the process of freeing zswap entries for these pages, zswap_entry_free() uncharges previously uncharged entries, resulting in inconsistent zswap charging. This inconsistency leads to two warnings and an issue with zswap_stored_pages. The vulnerability was mitigated by charging zswap entries within zswap_store_page() when it succeeds, allowing zswap_entry_free() to decrement the counter and uncharge entries when it fails, thereby eliminating the warnings. [ [[email protected]: Refactor zswap_store_page()] Link: https://lkml.kernel.org/r/[email protected]]

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.