CVE-2025-39904

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arm64: kexec: initialize kexec_buf struct in load_other_segments()<br /> <br /> Patch series "kexec: Fix invalid field access".<br /> <br /> The kexec_buf structure was previously declared without initialization. <br /> commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")<br /> added a field that is always read but not consistently populated by all<br /> architectures. This un-initialized field will contain garbage.<br /> <br /> This is also triggering a UBSAN warning when the uninitialized data was<br /> accessed:<br /> <br /> ------------[ cut here ]------------<br /> UBSAN: invalid-load in ./include/linux/kexec.h:210:10<br /> load of value 252 is not a valid value for type &amp;#39;_Bool&amp;#39;<br /> <br /> Zero-initializing kexec_buf at declaration ensures all fields are cleanly<br /> set, preventing future instances of uninitialized memory being used.<br /> <br /> An initial fix was already landed for arm64[0], and this patchset fixes<br /> the problem on the remaining arm64 code and on riscv, as raised by Mark.<br /> <br /> Discussions about this problem could be found at[1][2].<br /> <br /> <br /> This patch (of 3):<br /> <br /> The kexec_buf structure was previously declared without initialization.<br /> commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")<br /> added a field that is always read but not consistently populated by all<br /> architectures. This un-initialized field will contain garbage.<br /> <br /> This is also triggering a UBSAN warning when the uninitialized data was<br /> accessed:<br /> <br /> ------------[ cut here ]------------<br /> UBSAN: invalid-load in ./include/linux/kexec.h:210:10<br /> load of value 252 is not a valid value for type &amp;#39;_Bool&amp;#39;<br /> <br /> Zero-initializing kexec_buf at declaration ensures all fields are<br /> cleanly set, preventing future instances of uninitialized memory being<br /> used.