Kexec Buffer Initialization Issue in Linux Kernel Affecting Multiple Architectures
CVE-2025-39904

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 October 2025

What is CVE-2025-39904?

A vulnerability has been identified in the Linux kernel related to the kexec_buf structure, which was previously declared without proper initialization. This flaw can lead to the use of uninitialized memory fields, resulting in unpredictable behavior. The issue came to light after an update allowed for random placement of kexec_buf: the new field added for that purpose was not guaranteed to be populated on all architectures. Accessing the uninitialized field is undefined behavior and can trigger UBSAN warnings indicating invalid loads. The fix emphasizes zero-initializing all fields of kexec_buf at declaration, so that similar issues do not recur.
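The following added example (not kernel code and not part of the original advisory) models the pattern described above: a caller written before the new field existed fills only the fields it knows about, so the new field keeps whatever the storage held unless the structure is zero-initialized at declaration. The struct layout, the function names and the 0xAA fill byte are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for struct kexec_buf (assumed layout, not the kernel's). */
struct kbuf_model {
    void *buffer;
    unsigned long bufsz;
    unsigned long mem;
    unsigned long memsz;
    bool top_down;
    bool random;            /* models the newly added placement field */
};

/* Models an architecture loader that predates `random`:
 * it sets the fields it knows about and nothing else. */
static void legacy_arch_fill(struct kbuf_model *k, void *buf, unsigned long sz)
{
    k->buffer = buf;
    k->bufsz = sz;
    k->mem = 0;
    k->memsz = sz;
    k->top_down = false;
}

/* Read the byte stored in `random` without loading it as a bool, so this
 * demonstration does not itself perform the invalid load UBSAN reports. */
static unsigned char raw_random_byte(const struct kbuf_model *k)
{
    unsigned char b;
    memcpy(&b, (const unsigned char *)k + offsetof(struct kbuf_model, random), 1);
    return b;
}

/* Before the fix: storage holds stale contents (constructed: 0xAA fill). */
unsigned char before_fix(void)
{
    static char image[16];
    struct kbuf_model k;
    memset(&k, 0xAA, sizeof(k));
    legacy_arch_fill(&k, image, sizeof(image));
    return raw_random_byte(&k);     /* neither 0 nor 1: not a valid bool */
}

/* After the fix: zero-initialize at declaration; unset fields read as false. */
unsigned char after_fix(void)
{
    static char image[16];
    struct kbuf_model k = {0};
    legacy_arch_fill(&k, image, sizeof(image));
    return raw_random_byte(&k);
}
```
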

Affected Version(s)

Linux bf454ec31add6790f6cdc88328e38901fcbbade6 < 340cc9a3bd30b25edaf6a9708d41b5f2c10a054a

Linux bf454ec31add6790f6cdc88328e38901fcbbade6 < 04d3cd43700a2d0fe4bfb1012a8ec7f2e34a3507

Linux 6.16

Timeline

  • Vulnerability published

  • Vulnerability Reserved
