Linux Kernel Zswap Component Deadlock Vulnerability

Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's zswap component. The issue arises in the zswap_cpu_comp_dead() function, which calls crypto_free_acomp() while holding a per-CPU mutex. This creates a circular dependency, as crypto_free_acomp() requires a different lock that can be held by a task descheduled on the same CPU, leading to a potential ABBA deadlock scenario. The vulnerability affects several Linux kernel versions.
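The lock-order inversion described above, modeled in user space as an added example (not code from the kernel or from this advisory): a small recorder notes which lock is taken while another is held and counts pairs seen in both orders. The lock names, the second task's acquisition order and the "unlock first" ordering are assumptions made for illustration.

```c
#include <stdio.h>
/* Illustrative lock ids; the names are assumptions, not kernel symbols. */
enum { PERCPU_MUTEX, CRYPTO_LOCK, NLOCKS };
struct tracker { int edge[NLOCKS][NLOCKS]; int inversions; };
struct task { int held[NLOCKS]; };

/* Record held->taken pairs; a pair seen in reverse order is an ABBA inversion. */
static void acquire(struct tracker *t, struct task *k, int lock)
{
    for (int h = 0; h < NLOCKS; h++)
        if (k->held[h] && h != lock) {
            t->inversions += t->edge[lock][h];
            t->edge[h][lock] = 1;
        }
    k->held[lock] = 1;
}
static void release(struct task *k, int lock) { k->held[lock] = 0; }

/* Assumed second path: holds the crypto-side lock, then needs the mutex. */
static void other_task(struct tracker *t)
{
    struct task k = {0};
    acquire(t, &k, CRYPTO_LOCK);
    acquire(t, &k, PERCPU_MUTEX);
    release(&k, PERCPU_MUTEX);
    release(&k, CRYPTO_LOCK);
}

/* free_outside: 0 = free under the mutex (as described); 1 = unlock first (assumed). */
static void cpu_dead(struct tracker *t, int free_outside)
{
    struct task k = {0};
    acquire(t, &k, PERCPU_MUTEX);
    if (free_outside) release(&k, PERCPU_MUTEX);
    acquire(t, &k, CRYPTO_LOCK);   /* lock taken inside the free routine */
    release(&k, CRYPTO_LOCK);
    if (!free_outside) release(&k, PERCPU_MUTEX);
}
static int count_inversions(int free_outside)
{
    struct tracker t = {0};
    other_task(&t);
    cpu_dead(&t, free_outside);
    return t.inversions;
}
int main(void)
{
    printf("under mutex: %d, after unlock: %d\n", count_inversions(0), count_inversions(1));
    return 0;
}
```

The recorder flags the inversion from the ordering alone, without the two paths ever running concurrently, which is how lock-order checkers surface this class of bug before a hang is observed.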

Impact

Exploitation of this vulnerability can lead to a deadlock situation, causing tasks to be stuck waiting for each other indefinitely, which can disrupt system operations and performance.

Remediation

The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.