[Bug 295521] kexec subsystem panics on invalid/malformed arguments instead of returning EINVAL

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 295521] kexec subsystem panics on invalid/malformed arguments instead of returning EINVAL"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 295521] kexec subsystem panics on invalid/malformed arguments instead of returning EINVAL"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 23 May 2026 14:32:11 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295521

            Bug ID: 295521
           Summary: kexec subsystem panics on invalid/malformed arguments
                    instead of returning EINVAL
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: cs.lee@opcia.kr

Reclassified per secteam guidance — originally reported to secteam@FreeBSD.org.

The kexec subsystem in sys/kern/kern_kexec.c triggers a kernel panic when
processing invalid or malformed arguments due to missing input validation. A
privileged user (root) can crash the kernel.

Since root already has equivalent kernel access through other mechanisms,
secteam
classified this as a stability bug rather than a security issue.

Suggested fix: Add input validation checks before processing kexec arguments.
Validate that pointer arguments are non-null and size parameters are within
expected bounds. Return EINVAL for malformed input instead of panicking.

-- 
You are receiving this mail because:
You are the assignee for the bug.