How to fix CVE-2025-39941?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Race Condition affected by CVE-2025-39941?

CVE-2025-39941 presents moderate security risk, a race condition vulnerability rated CVSS 4.7. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. A patch is available and should be applied during regular vulnerability management.

CVE-2025-39941

EUVD-2025-32389 MEDIUM

2025-10-04 416baaa9-dc9f-4396-8d5f-8c081fb06d67

4.7

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 13, 2026 - 19:56 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 19:56 euvd

EUVD-2025-32389

PoC Detected

Jan 23, 2026 - 20:37 vuln.today

Public exploit code

Patch Released

Jan 23, 2026 - 20:37 nvd

Patch available

CVE Published

Oct 04, 2025 - 08:15 nvd

MEDIUM 4.7

Description

In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this: CPU0 CPU1 zram_slot_lock() zs_free(handle) zram_slot_lock() zram_slot_lock() zs_free(handle) zram_slot_lock() compress compress handle = zs_malloc() handle = zs_malloc() zram_slot_lock zram_set_handle(handle) zram_slot_lock zram_slot_lock zram_set_handle(handle) zram_slot_lock Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done too early. In fact, we need to reset zram entry right before we set its new handle, all under the same slot lock scope.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

zram: fix slot write race condition

Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this:

CPU0 CPU1 zram_slot_lock() zs_free(handle) zram_slot_lock() zram_slot_lock() zs_free(handle) zram_slot_lock()

compress compress handle = zs_malloc() handle = zs_malloc() zram_slot_lock zram_set_handle(handle) zram_slot_lock zram_slot_lock zram_set_handle(handle) zram_slot_lock

Either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is done too early. In fact, we need to reset zram entry right before we set its new handle, all under the same slot lock scope.

Technical Context

A race condition occurs when the behavior of software depends on the timing of events, such as the order of execution of threads or processes.

Affected Products

Affected products: Linux Linux Kernel

Remediation

A vendor patch is available — apply it immediately. Use proper synchronization mechanisms (locks, mutexes, atomic operations). Implement file locking for filesystem operations. Avoid TOCTOU patterns.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +24

POC: +20

Vendor Status

CVE-2025-39941 vulnerability details – vuln.today

Back

CVE-2025-39941

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-39941

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code