CVE-2025-38241: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38241 affects the Linux kernel and was disclosed on July 9, 2025. The vulnerability involves a softlockup issue in the kernel's memory management subsystem, specifically in the mm/shmem and swap functionality when handling mTHP (Multi-page Transparent Huge Pages) swapin operations (NVD, RedHat).

The vulnerability occurs when readahead brings some order 0 folio in swap cache, and the swapin mTHP folio being allocated conflicts with it. This causes swapcacheprepare to fail, resulting in shmemswapallocfolio returning -EEXIST. The system then enters an infinite retry loop, leading to a CPU softlockup. The issue has a CVSS v3.1 base score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

The vulnerability results in a CPU softlockup condition that can cause system performance degradation. When triggered, it causes the CPU to become stuck for extended periods (observed as 763 seconds in test cases) and can affect system stability. Performance testing showed minimal impact on swapin operations, with times changing from 2.47s to 2.48s after the fix (NVD).

The issue has been resolved in the Linux kernel by applying a fix similar to the one used for anon mTHP swapin. The fix prevents the infinite retry loop while maintaining system performance. The patch has been integrated into the kernel codebase (RedHat).