https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295521
Bug ID: 295521
Summary: kexec subsystem panics on invalid/malformed arguments
instead of returning EINVAL
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Reclassified per secteam guidance — originally reported to [email protected].
The kexec subsystem in sys/kern/kern_kexec.c triggers a kernel panic when
processing invalid or malformed arguments due to missing input validation. A
privileged user (root) can crash the kernel.
Since root already has equivalent kernel access through other mechanisms,
secteam
classified this as a stability bug rather than a security issue.
Suggested fix: Add input validation checks before processing kexec arguments.
Validate that pointer arguments are non-null and size parameters are within
expected bounds. Return EINVAL for malformed input instead of panicking.
--
You are receiving this mail because:
You are the assignee for the bug.
