Kernel Vulnerability in Linux Affecting kexec Functionality
CVE-2025-71139
Currently unrated
What is CVE-2025-71139?
A vulnerability in the Linux kernel's kexec functionality allows for improper allocation in the Contiguous Memory Allocator (CMA) area. This issue arises when the kexec target address is allocated in the CMA area, leading to inconsistencies during execution. The flaw is linked to the changes made in committing 07d24902977e, which aimed to enhance kexec by eliminating unnecessary copying of data. However, it fails to properly handle page mapping, resulting in a warning during execution. Addressing this flaw involves a direct usage of page_address() when IMA segments are allocated, ensuring system stability and security.
Affected Version(s)
Linux 07d24902977e4704fab8472981e73a0ad6dfa1fd
Linux 07d24902977e4704fab8472981e73a0ad6dfa1fd
Linux 6.17