Linux Kernel Zram Component Slot Write Race Condition Vulnerability

Vulnerability

A race condition has been identified in the zram component of the Linux kernel. Concurrent writes to the same zram index can leak zsmalloc handles. The leak occurs because zs_free() is called too early, which allows either of the concurrent writers to overwrite the handle before it is properly freed. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to a memory leak of zsmalloc handles, which could potentially be exploited to cause a denial of service by exhausting memory resources.

Reproduction

The vulnerability can be reproduced by performing parallel writes to the same zram index: two concurrent processes write to the same index, and one process's write operation interferes with the other's. zram_slot_lock() is used to manage access to the zram index, but the current implementation still allows the race to occur.
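
The handle leak described above can be replayed deterministically in a small userspace model. This is an added example, not kernel code and not the upstream patch: the slot structure, the counter standing in for zsmalloc, and every function name are assumptions made for illustration, as is the split of a write into "free early" and "store later" steps. The safe ordering shown is one ordering that closes the window in this model.

```c
#include <stdio.h>

/* Userspace model, not kernel code: one slot plus a counter for zsmalloc. */
struct slot { int locked; unsigned long handle; };
static unsigned long next_handle;
static int live_objects;

static void model_lock(struct slot *s)   { s->locked = 1; } /* stands in for zram_slot_lock() */
static void model_unlock(struct slot *s) { s->locked = 0; }
static unsigned long model_alloc(void)   { live_objects++; return ++next_handle; }
static void model_free(unsigned long h)  { if (h) live_objects--; } /* stands in for zs_free() */

/* Racy ordering, step 1: free the old handle, then drop the lock. */
static void early_free(struct slot *s) {
    model_lock(s);
    model_free(s->handle);
    s->handle = 0;
    model_unlock(s);
}

/* Racy ordering, step 2: store later without looking at the slot again. */
static void store_only(struct slot *s, unsigned long h) {
    model_lock(s);
    s->handle = h;   /* silently overwrites a handle stored in between */
    model_unlock(s);
}

/* Safe ordering: free and store inside one critical section. */
static void free_and_store(struct slot *s, unsigned long h) {
    model_lock(s);
    model_free(s->handle);
    s->handle = h;
    model_unlock(s);
}

/* Replays one fixed interleaving of writers A and B; returns leaked objects. */
int leaked_after_two_writes(int racy) {
    struct slot s = { 0, 0 };
    live_objects = 0;
    s.handle = model_alloc();                      /* slot already holds data */
    if (racy) { early_free(&s); early_free(&s); }  /* A, then B, free first */
    unsigned long a = model_alloc(), b = model_alloc();
    if (racy) { store_only(&s, a); store_only(&s, b); }  /* B overwrites A's handle */
    else      { free_and_store(&s, a); free_and_store(&s, b); }
    return live_objects - 1;                       /* exactly one object should remain */
}

int main(void) {
    printf("racy: %d leaked, safe: %d leaked\n",
           leaked_after_two_writes(1), leaked_after_two_writes(0));
    return 0;
}
```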

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version of the stable kernel to apply the fix.

Added: Oct 4, 2025, 8:33 AM
Updated: Oct 4, 2025, 8:33 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.