{"id":"CVE-2025-39904","summary":"arm64: kexec: initialize kexec_buf struct in load_other_segments()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64: kexec: initialize kexec_buf struct in load_other_segments()\n\nPatch series \"kexec: Fix invalid field access\".\n\nThe kexec_buf structure was previously declared without initialization. \ncommit bf454ec31add (\"kexec_file: allow to place kexec_buf randomly\")\nadded a field that is always read but not consistently populated by all\narchitectures.  This un-initialized field will contain garbage.\n\nThis is also triggering a UBSAN warning when the uninitialized data was\naccessed:\n\n\t------------[ cut here ]------------\n\tUBSAN: invalid-load in ./include/linux/kexec.h:210:10\n\tload of value 252 is not a valid value for type '_Bool'\n\nZero-initializing kexec_buf at declaration ensures all fields are cleanly\nset, preventing future instances of uninitialized memory being used.\n\nAn initial fix was already landed for arm64[0], and this patchset fixes\nthe problem on the remaining arm64 code and on riscv, as raised by Mark.\n\nDiscussions about this problem could be found at[1][2].\n\n\nThis patch (of 3):\n\nThe kexec_buf structure was previously declared without initialization.\ncommit bf454ec31add (\"kexec_file: allow to place kexec_buf randomly\")\nadded a field that is always read but not consistently populated by all\narchitectures. This un-initialized field will contain garbage.\n\nThis is also triggering a UBSAN warning when the uninitialized data was\naccessed:\n\n\t------------[ cut here ]------------\n\tUBSAN: invalid-load in ./include/linux/kexec.h:210:10\n\tload of value 252 is not a valid value for type '_Bool'\n\nZero-initializing kexec_buf at declaration ensures all fields are\ncleanly set, preventing future instances of uninitialized memory being\nused.","modified":"2026-04-02T12:48:12.311413Z","published":"2025-10-01T07:44:27.739Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39904.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/04d3cd43700a2d0fe4bfb1012a8ec7f2e34a3507"},{"type":"WEB","url":"https://git.kernel.org/stable/c/340cc9a3bd30b25edaf6a9708d41b5f2c10a054a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39904.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39904"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bf454ec31add6790f6cdc88328e38901fcbbade6"},{"fixed":"340cc9a3bd30b25edaf6a9708d41b5f2c10a054a"},{"fixed":"04d3cd43700a2d0fe4bfb1012a8ec7f2e34a3507"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39904.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}