CVE-2025-39941: 
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2025-39941) has been identified related to a race condition in the zram subsystem. The issue involves parallel concurrent writes to the same zram index resulting in leaked zsmalloc handles. This vulnerability was recently published to the CVE List and has been included in the NVD dataset as of October 4, 2025 (NVD).

The vulnerability stems from a slot write race condition in the zram component. When parallel concurrent writes occur to the same zram index, a race condition emerges where either CPU0 or CPU1 zsmalloc handle will leak because zs_free() is executed too early. The issue occurs because the zram entry needs to be reset right before setting its new handle, all under the same slot lock scope (NVD).

The primary impact of this vulnerability is memory leakage in the Linux kernel. When exploited, the vulnerability results in leaked zsmalloc handles, which could lead to memory resource exhaustion over time (NVD).

The vulnerability has been resolved in the Linux kernel through patches that correct the slot write race condition. The fix ensures proper handling of zram entry resets and handle assignments under the same slot lock scope (NVD).