Kexec Buffer Initialization Issue in Linux Kernel Affecting Multiple Architectures
CVE-2025-39904

5.5 MEDIUM

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 October 2025

What is CVE-2025-39904?

A vulnerability has been identified in the Linux kernel related to the kexec_buf structure, which was previously declared without proper initialization. This flaw can lead to the use of uninitialized memory fields, resulting in unpredictable behavior. The issue was brought to attention after an update allowed for random placement of kexec_buf, but the new field was not guaranteed to be populated across all architectures. As a result, accessing uninitialized memory can trigger undefined behavior, such as UBSAN warnings indicating invalid loads. The importance of ensuring that all fields within the kexec_buf are zero-initialized at declaration has been emphasized to prevent future occurrences of similar issues.
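The failure mode described above, as an added user-space model that is not the kernel's code or the upstream patch. The struct `demo_kexec_buf`, its field names, the poison byte and the helper functions are all assumptions made for illustration; stale stack contents are simulated with `memset` so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's kexec_buf; field names are assumed. */
struct demo_kexec_buf {
    unsigned long mem;
    unsigned long memsz;
    /* Models the later-added placement flag. Stored as a byte here so the
     * demo can inspect a stale value without itself reading an invalid bool. */
    unsigned char random;
};

#define STACK_POISON 0xFC /* constructed value standing in for stale stack bytes */

/* An architecture path written before the new field existed: it never sets it. */
static void arch_fill_legacy(struct demo_kexec_buf *kbuf)
{
    kbuf->mem = 0x1000;
    kbuf->memsz = 0x2000;
}

/* Before the fix: no initializer, so the flag keeps whatever was on the stack. */
unsigned char load_segment_unfixed(void)
{
    struct demo_kexec_buf kbuf;
    memset(&kbuf, STACK_POISON, sizeof(kbuf)); /* model leftover stack contents */
    arch_fill_legacy(&kbuf);
    return kbuf.random;
}

/* After the fix: every field is zeroed at declaration, before arch code runs. */
unsigned char load_segment_fixed(void)
{
    struct demo_kexec_buf kbuf = {0};
    arch_fill_legacy(&kbuf);
    return kbuf.random;
}

/* A bool object may only hold 0 or 1; any other byte is an invalid load. */
int is_valid_bool(unsigned char raw) { return raw <= 1; }

int main(void)
{
    unsigned char bad = load_segment_unfixed(), good = load_segment_fixed();
    printf("unfixed flag=0x%02x valid=%d\n", bad, is_valid_bool(bad));
    printf("fixed   flag=0x%02x valid=%d\n", good, is_valid_bool(good));
    return 0;
}
```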

Affected Version(s)

Linux bf454ec31add6790f6cdc88328e38901fcbbade6 < 340cc9a3bd30b25edaf6a9708d41b5f2c10a054a

Linux bf454ec31add6790f6cdc88328e38901fcbbade6 < 04d3cd43700a2d0fe4bfb1012a8ec7f2e34a3507

Linux 6.16

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
