PT-2025-40078 · Linux+1 · Linux Kernel+1

Published: 2025-09-03 · Updated: 2025-10-01 · CVE-2025-39904

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains an issue where the kexec_buf structure was declared without initialization. This could lead to the use of uninitialized memory, triggering a UBSAN (Undefined Behavior Sanitizer) warning when accessing an uninitialized field within the structure. The issue was identified during the loading of other segments and addressed by zero-initializing the kexec_buf structure at its declaration to ensure all fields are properly set. The problem was initially observed on arm64 architectures and subsequently extended to riscv. The kexec_buf structure is used in the kexec functionality, which allows for fast booting of a new kernel without going through the traditional bootloader process.
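The initialization problem described above, as a userspace C example added here (not kernel code and not the actual patch). The struct `demo_kexec_buf`, its fields and the helper names are assumptions, and the `memset` with 0xAA is a constructed stand-in for stale stack contents so the result is deterministic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the kexec buffer structure (fields are assumptions). */
struct demo_kexec_buf {
    void  *buffer;
    size_t bufsz;
    bool   top_down;
    bool   extra_flag;   /* a field this caller never assigns */
};
static char payload[16]; /* constructed sample segment data */

/* The caller sets only the fields it knows about. */
static void fill_known_fields(struct demo_kexec_buf *kbuf, void *data, size_t len)
{
    kbuf->buffer   = data;
    kbuf->bufsz    = len;
    kbuf->top_down = false;
}

/* Look at the raw byte behind a bool without loading it as a bool:
 * anything other than 0 or 1 is an invalid bool value. */
static int bool_byte_is_valid(const bool *flag)
{
    unsigned char raw;
    memcpy(&raw, flag, sizeof raw);
    return raw <= 1;
}

/* Before the fix: declared without an initializer, so the unassigned
 * field keeps whatever the memory held (simulated here with 0xAA). */
int unassigned_flag_valid_without_init(void)
{
    struct demo_kexec_buf kbuf;
    memset(&kbuf, 0xAA, sizeof kbuf);
    fill_known_fields(&kbuf, payload, sizeof payload);
    return bool_byte_is_valid(&kbuf.extra_flag);
}

/* After the fix: zero-initialized at its declaration. */
int unassigned_flag_valid_with_zero_init(void)
{
    struct demo_kexec_buf kbuf = {0};
    fill_known_fields(&kbuf, payload, sizeof payload);
    return bool_byte_is_valid(&kbuf.extra_flag) && !kbuf.extra_flag;
}

int main(void) { return unassigned_flag_valid_without_init() != 0; }
```

Zero-initializing at the declaration also covers fields added to the structure later, which field-by-field assignment in each caller does not.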
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Use of Uninitialized Resource
Improper Initialization

Related Identifiers

BDU:2026-04329
CVE-2025-39904

Affected Products

Astra Linux
Linux Kernel