What is CVE-2025-22030?

CVE-2025-22030 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a Improper Locking flaw (CWE-667), affecting Linux kernel versions from 6.12.12 onward and patched in 6.12.23, 6.13.11, 6.14.2 and others. CVE-2025-22030 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-22030?

CVE-2025-22030 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2025-22030?

Yes, CVE-2025-22030 has been patched. Fixed versions include 6.12.23, 6.13.11, 6.14.2 and others. If you are running Linux kernel 6.12.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-22030 actively exploited?

CVE-2025-22030 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Improper Locking (CWE-667)?

The product does not properly acquire or release a lock, which can lead to unexpected behaviour. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/667.html

CVE-2025-22030

Medium

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock (through crypto_exit_scomp_ops_async()). On the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through crypto_scomp_init_tfm()), and then allocates memory. If the allocation results in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex. The above dependencies can cause an ABBA deadlock. For example in the following scenario: (1) Task A running on CPU #1: crypto_alloc_acomp_node() Holds scomp_lock Enters reclaim Reads per_cpu_ptr(pool->acomp_ctx, 1) (2) Task A is descheduled (3) CPU #1 goes offline zswap_cpu_comp_dead(CPU #1) Holds per_cpu_ptr(pool->acomp_ctx, 1)) Calls crypto_free_acomp() Waits for scomp_lock (4) Task A running on CPU #2: Waits for per_cpu_ptr(pool->acomp_ctx, 1) // Read on CPU #1 DEADLOCK Since there is no requirement to call crypto_free_acomp() with the per-CPU acomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is unlocked. Also move the acomp_request_free() and kfree() calls for consistency and to avoid any potential sublte locking dependencies in the future. With this, only setting acomp_ctx fields to NULL occurs with the mutex held. This is similar to how zswap_cpu_comp_prepare() only initializes acomp_ctx fields with the mutex held, after performing all allocations before holding the mutex. Opportunistically, move the NULL check on acomp_ctx so that it takes place before the mutex dereference.

Package Linux Kernel

Published 2025-04-16

Last modified 2025-10-28

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-667

CVE-2025-22030 is a Improper Locking vulnerability

What is Improper Locking?

The product does not properly acquire or release a lock, which can lead to unexpected behaviour. Learn more on MITRE CWE

Affected versions

Linux kernel versions 6.12.12, 6.13 and later are affected. Fixed in 6.12.23, 6.13.11, 6.14.2, 6.15 and their respective stable series.

Affected from

≥ 6.12.12 ≥ 6.13

Fixed in

✓ 6.12.23 6.12.x ✓ 6.13.11 6.13.x ✓ 6.14.2 6.14.x ✓ 6.15

References

The following references provide additional information about CVE-2025-22030 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/717d9c35deff6c33235693171bacbb03e9643fa4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/747e3eec1d7d124ea90ed3d7b85369df8b4e36d2
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a8d18000e9d2d97aaf105f5f9b3b0e8a6fbf8b96
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2025-22030

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2025-04-16

Modified 2025-10-28

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-22030?

CVE-2025-22030 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as an Improper Locking flaw (CWE-667) . It affects Linux kernel versions from 6.12.12 onward and has been patched in 6.12.23, 6.13.11, 6.14.2 and others. CVE-2025-22030 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-22030?

CVE-2025-22030 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2025-22030?

Yes — CVE-2025-22030 has been patched. Fixed versions include 6.12.23, 6.13.11, 6.14.2 and others. If you are running Linux kernel 6.12.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-22030 actively exploited?

No — CVE-2025-22030 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Improper Locking (CWE-667)?

The product does not properly acquire or release a lock, which can lead to unexpected behaviour. View CWE-667 on MITRE CWE →