Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's zsmalloc memory allocator can cause list corruption under memory pressure, leading to a crash. This issue arises because zsmalloc updates the Least Recently Used (LRU) list at the object mapping stage, rather than when the object slot is allocated. This flaw creates a race condition between concurrent store and reclaim operations, particularly when the zswap frontswap store function is called while the LRU is being updated, causing data corruption that triggers a crash. The problem is exacerbated by a new zswap shrinking mechanism that increases the likelihood of such interleaving, a scenario not present in other zswap backends like zbud and z3fold, which manage LRU updates more effectively.
The vulnerability leads to memory corruption, where the integrity of the LRU list is compromised, causing a crash due to detected list corruption.
The vulnerability can be reproduced by applying the new zswap shrinking mechanism, which makes concurrent store and reclaim operations more likely to overlap. Under these conditions, the zsmalloc allocator will update the LRU list at the wrong time, causing the LRU list to become corrupted.
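The ordering problem described above, replayed deterministically as a single-threaded userspace model. This is an added example, not kernel code and not the actual patch; the list helpers, poison markers, function names and the exact step order (store allocates, reclaim runs, store maps) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: a doubly linked list with poison-on-delete. */
struct node { struct node *next, *prev; };
static struct node POISON1, POISON2;   /* stand-ins for list poison values */

static void list_init(struct node *n) { n->next = n->prev = n; }
static bool list_is_empty(const struct node *n) { return n->next == n; }
static void list_add_head(struct node *n, struct node *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Refuses to unlink an already-deleted (poisoned) entry and returns false,
 * which is the condition a list-debug check reports as list corruption. */
static bool list_del_checked(struct node *n) {
    if (n->next == &POISON1 || n->prev == &POISON2) return false;
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = &POISON1; n->prev = &POISON2;
    return true;
}

/* LRU update: unlink the page if it looks linked, then put it at the head. */
static bool lru_touch(struct node *page, struct node *lru) {
    if (!list_is_empty(page) && !list_del_checked(page)) return false;
    list_add_head(page, lru);
    return true;
}

/* Replays store-alloc, reclaim, store-map in that order.
 * lru_update_at_map = true : LRU updated in the map step (the described bug).
 * lru_update_at_map = false: LRU updated in the alloc step (the described fix).
 * Returns true if list corruption was detected. */
bool replay_interleaving(bool lru_update_at_map) {
    struct node lru, page;
    list_init(&lru); list_init(&page);
    list_add_head(&page, &lru);        /* page already holds older objects */
    /* Step 1, store: allocate a slot in 'page', then drop the pool lock. */
    if (!lru_update_at_map && !lru_touch(&page, &lru)) return true;
    /* Step 2, reclaim: takes 'page' off the LRU in the unlocked window. */
    if (!list_del_checked(&page)) return true;
    /* Step 3, store: map the object; the buggy order touches the LRU here. */
    return lru_update_at_map && !lru_touch(&page, &lru);
}

int main(void) {
    printf("LRU update at map:   corruption=%d\n", replay_interleaving(true));
    printf("LRU update at alloc: corruption=%d\n", replay_interleaving(false));
    return 0;
}
```

The model checks list integrity only; it does not represent what reclaim does with the page afterwards.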
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.