CVE-2025-71119 Overview
A vulnerability has been resolved in the Linux kernel affecting the PowerPC architecture's kexec implementation. When SMT (Simultaneous Multi-Threading) is disabled or a partial SMT state is enabled, loading a new kernel image for kexec results in a kernel warning during reboot when attempting to wake offline CPUs. The issue occurs because add_cpu() fails: cpu_bootable() returns false for CPUs that fail the cpu_smt_thread_allowed() check, and for non-primary threads when SMT is disabled.
Critical Impact
Systems running PowerPC architecture with modified SMT configurations may experience kernel warnings and potential instability during kexec reboot operations, affecting system reliability and boot integrity.
Affected Products
- Linux kernel (PowerPC architecture)
- Systems utilizing kexec for kernel reboot
- PowerPC systems with modified SMT configurations
Discovery Timeline
- 2026-01-14 - CVE-2025-71119 published to NVD
- 2026-01-14 - Last updated in NVD database
Technical Details for CVE-2025-71119
Vulnerability Analysis
This vulnerability exists within the PowerPC architecture's kexec subsystem, specifically in the CPU preparation routines executed during kernel reboot operations. When a system has SMT disabled or operates in a partial SMT state, the kexec mechanism encounters failures when attempting to bring offline CPUs back online.
The call trace indicates the issue manifests in kexec_prepare_cpus() at offset +0x1b0/0x1bc within arch/powerpc/kexec/core_64.c:223. The failure propagates through default_machine_kexec(), machine_kexec(), kernel_kexec(), and ultimately through the system call path via __do_sys_reboot().
The root cause lies in the ordering of operations during kexec preparation. The system attempts to wake all present CPUs before ensuring SMT is properly enabled, causing cpu_bootable() to return false for threads that don't pass the cpu_smt_thread_allowed() validation.
Root Cause
The vulnerability stems from an incorrect sequence of operations in the kexec CPU preparation logic. When kexec attempts to wake offline CPUs, it does so without first enabling SMT and resetting the number of SMT threads to match the number of threads per core. This causes the cpu_bootable() function to reject CPUs that would otherwise be valid targets for wake operations.
The fix addresses this by enabling SMT and resetting the SMT thread count to the per-core thread count before attempting to wake all present CPUs, ensuring all threads pass the cpu_smt_thread_allowed() check.
Attack Vector
This is a local vulnerability that requires the ability to perform kexec operations on a PowerPC system with modified SMT settings. The attack vector involves:
- A system configured with SMT disabled or in a partial SMT state
- An attempt to perform a kexec reboot operation
- The kernel encountering the warning condition when preparing CPUs for the new kernel image
The vulnerability primarily affects system stability and reliability rather than providing direct exploitation pathways. The warning indicates improper CPU state management that could lead to unpredictable behavior during critical boot transitions.
Detection Methods for CVE-2025-71119
Indicators of Compromise
- Kernel warning messages containing "kexec: Waking offline cpu" followed by a CPU number
- WARNING traces pointing to kexec_prepare_cpus+0x1b0/0x1bc in kernel logs
- Call traces showing the sequence: kexec_prepare_cpus → default_machine_kexec → machine_kexec → kernel_kexec
- System instability or unexpected behavior during kexec reboot operations on PowerPC systems
Detection Strategies
- Monitor kernel logs (dmesg, /var/log/kern.log) for WARNING entries related to kexec_prepare_cpus
- Implement alerting for unexpected CPU wake failures during kexec operations
- Audit systems for PowerPC architecture with non-default SMT configurations
- Track kexec reboot failures or extended reboot times that may indicate this condition
Monitoring Recommendations
- Configure syslog monitoring for PowerPC kernel warnings related to kexec and CPU management
- Establish baseline metrics for kexec reboot timing and alert on anomalies
- Monitor SMT state changes on production PowerPC systems
- Implement kernel log analysis for the specific call trace pattern associated with this vulnerability
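One way to implement the log analysis described above, as an added example that is not part of the original advisory or of any vendor tooling. The function names and the sample log are constructed for illustration; the sample uses only the message text, source location and symbol offset quoted on this page.

```shell
#!/bin/sh
# Added example: find the kexec/SMT warning signature in a kernel log.

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  812.100001] kexec: Waking offline cpu 1.
[  812.100050] ------------[ cut here ]------------
[  812.100061] WARNING: CPU: 0 PID: 2210 at arch/powerpc/kexec/core_64.c:223 kexec_prepare_cpus+0x1b0/0x1bc
[  812.100120] Call Trace:
[  812.100131]  kexec_prepare_cpus+0x1b0/0x1bc
[  812.200001] kexec: Waking offline cpu 2.
[  812.200050] ------------[ cut here ]------------
[  812.200061] WARNING: CPU: 0 PID: 2210 at arch/powerpc/kexec/core_64.c:223 kexec_prepare_cpus+0x1b0/0x1bc
[  812.300001] kexec: Waking offline cpu 3.
EOF
}

# Reads a log file ("-" or no argument = stdin). Prints "cpu=<n>" for each
# wake message that is followed by a WARNING raised in kexec_prepare_cpus.
# A wake message with no WARNING after it is not reported.
# Exit status: 0 if the signature was found, 1 otherwise.
scan_kexec_smt_warning() {
    awk '
        /kexec: Waking offline cpu [0-9]+/ {
            # remember which CPU the kernel was trying to bring online
            match($0, /offline cpu [0-9]+/)
            pending = substr($0, RSTART + 12, RLENGTH - 12)
            next
        }
        /WARNING:/ && /kexec_prepare_cpus/ {
            print "cpu=" (pending != "" ? pending : "unknown")
            pending = ""
            hits++
        }
        END { exit (hits > 0 ? 0 : 1) }
    ' "${1:--}"
}

# Demo: scan the file given as $1, or the constructed sample without arguments.
if [ $# -gt 0 ]; then
    scan_kexec_smt_warning "$1" || echo "signature not found"
else
    sample_log | scan_kexec_smt_warning -
fi
```

Because the warning appears on the way into the new kernel, run it against persisted logs (for example /var/log/kern.log or a serial console capture) rather than the live dmesg buffer.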
How to Mitigate CVE-2025-71119
Immediate Actions Required
- Apply the kernel patches available through the official kernel git repositories
- Review SMT configurations on PowerPC systems that utilize kexec functionality
- Test kexec operations in non-production environments after applying patches
- Temporarily avoid kexec operations on affected systems with modified SMT settings until patched
Patch Information
The fix has been committed to the stable kernel branches and is available through multiple git commits. The patch enables SMT and resets the number of SMT threads to the number of threads per core before attempting to wake up all present CPUs during kexec preparation.
Verified patch commits are available:
- Kernel Git Commit 0d5c9e9
- Kernel Git Commit 7cccd82
- Kernel Git Commit c2296a1
- Kernel Git Commit d790ef0
- Kernel Git Commit f0c0a68
Workarounds
- Enable full SMT before performing kexec operations to avoid triggering the vulnerable code path
- Use traditional reboot mechanisms instead of kexec on affected systems until patches are applied
- Avoid modifying SMT settings on systems that rely on kexec for kernel updates
- Consider scheduling kexec operations with full SMT enabled as part of maintenance procedures
# Configuration example
# Check current SMT status on PowerPC systems
ppc64_cpu --smt
# Enable full SMT before kexec operations (temporary workaround)
ppc64_cpu --smt=on
# Verify SMT state
cat /sys/devices/system/cpu/smt/control
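The workaround above can be enforced as a pre-kexec check. The following is an added example, not code from the advisory or the kernel project; the function names are hypothetical, and the set of values read from smt/control (on, off, forceoff, notsupported, notimplemented, or a thread count for a partial SMT state) is assumed from the upstream kernel sysfs documentation.

```shell
#!/bin/sh
# Added example: refuse to kexec on an unpatched kernel unless SMT is fully on.

# Classify the contents of smt/control for kexec purposes.
# Prints one of: safe | exposed | not-applicable | unknown
classify_smt_control() {
    case "$1" in
        on)                          echo safe ;;            # all threads enabled
        off|forceoff)                echo exposed ;;         # SMT disabled
        notsupported|notimplemented) echo not-applicable ;;  # no SMT control here
        ''|*[!0-9]*)                 echo unknown ;;         # empty or unexpected
        *)                           echo exposed ;;         # a number = partial SMT
    esac
}

# Reads the control file (default: the sysfs path used in the example above).
# Returns 0 when kexec will not hit the condition, 1 when SMT is disabled,
# partial or unrecognised, 2 when the file cannot be read.
kexec_smt_preflight() {
    ctl="${1:-/sys/devices/system/cpu/smt/control}"
    [ -r "$ctl" ] || { echo "cannot read $ctl" >&2; return 2; }
    state=$(cat "$ctl")
    verdict=$(classify_smt_control "$state")
    echo "smt/control=$state verdict=$verdict"
    [ "$verdict" = safe ] || [ "$verdict" = not-applicable ]
}

# Demo: check this host (or the file given as $1) before calling kexec.
kexec_smt_preflight "$@" ||
    echo "do not kexec yet: enable full SMT first (ppc64_cpu --smt=on)"
```

On a kernel that already carries the fix the check is redundant, so it can be dropped from maintenance scripts once every host is patched.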


