CVE-2025-39904

In the Linux kernel, the following vulnerability has been resolved:

arm64: kexec: initialize kexec_buf struct in load_other_segments()

Patch series "kexec: Fix invalid field access".

The kexec_buf structure was previously declared without initialization. commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage.

This is also triggering a UBSAN warning when the uninitialized data was accessed:

------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type &#039;_Bool&#039;

Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used.

An initial fix was already landed for arm64[0], and this patchset fixes the problem on the remaining arm64 code and on riscv, as raised by Mark.

Discussions about this problem could be found at[1][2].

This patch (of 3):

This is also triggering a UBSAN warning when the uninitialized data was accessed:

------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type &#039;_Bool&#039;

Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used.

Published: Oct 1, 2025
Updated: Dec 15, 2025
CVE: CVE-2025-39904
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.16	6.16.8
linux / linux_kernel	6.17-rc1	6.17-rc1.x
linux / linux_kernel	6.17-rc2	6.17-rc2.x
linux / linux_kernel	6.17-rc3	6.17-rc3.x
linux / linux_kernel	6.17-rc4	6.17-rc4.x
linux / linux_kernel	6.17-rc5	6.17-rc5.x

Vulnerability Database

314,343

CVE-2025-39904

Deep Security Visibility Without the Complexity