CVE-2025-71139

Source
https://cve.org/CVERecord?id=CVE-2025-71139
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71139.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-71139
Published
2026-01-14T15:07:52.658Z
Modified
2026-04-02T13:04:52.670001Z
Summary
kernel/kexec: fix IMA when allocation happens in CMA area
Details

In the Linux kernel, the following vulnerability has been resolved:

kernel/kexec: fix IMA when allocation happens in CMA area

*** Bug description ***

When I tested kexec with the latest kernel, I ran into the following warning:

[ 40.712410] ------------[ cut here ]------------
[ 40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
[...]
[ 40.816047] Call trace:
[ 40.818498] kimage_map_segment+0x144/0x198 (P)
[ 40.823221] ima_kexec_post_load+0x58/0xc0
[ 40.827246] __do_sys_kexec_file_load+0x29c/0x368
[...]
[ 40.855423] ---[ end trace 0000000000000000 ]---

*** How to reproduce ***

This bug is only triggered when the kexec target address is allocated in the CMA area. If no CMA area is reserved in the kernel, use the "cma=" option in the kernel command line to reserve one.

*** Root cause ***

The commit 07d24902977e ("kexec: enable CMA based contiguous allocation") allocates the kexec target address directly on the CMA area to avoid copying during the jump. In this case, there is no IND_SOURCE for the kexec segment. But the current implementation of kimage_map_segment() assumes that IND_SOURCE pages exist and maps them into a contiguous virtual address by vmap().

*** Solution ***

If IMA segment is allocated in the CMA area, use its page_address() directly.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71139.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
07d24902977e4704fab8472981e73a0ad6dfa1fd
Fixed
a843e4155c83211c55b1b6cc17eab27a6a2c5b6f
Fixed
a3785ae5d334bb71d47a593d54c686a03fb9d136

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71139.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.17.0
Fixed
6.18.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71139.json"