CVE-2025-39904

In the Linux kernel, the following vulnerability has been resolved:

arm64: kexec: initialize kexecbuf struct in loadother_segments()

Patch series "kexec: Fix invalid field access".

The kexecbuf structure was previously declared without initialization. commit bf454ec31add ("kexecfile: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage.

This is also triggering a UBSAN warning when the uninitialized data was accessed:

------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type '_Bool'

Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used.

An initial fix was already landed for arm64[0], and this patchset fixes the problem on the remaining arm64 code and on riscv, as raised by Mark.

Discussions about this problem could be found at[1][2].

This patch (of 3):

The kexecbuf structure was previously declared without initialization. commit bf454ec31add ("kexecfile: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage.

This is also triggering a UBSAN warning when the uninitialized data was accessed:

------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type '_Bool'

Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used.