Fixed
Created: Oct 10, 2025
Updated: Oct 21, 2025
Resolved Date: Oct 13, 2025
Found In Version: 10.25.33.1
Fix Version: 10.25.33.2
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

of_numa: fix uninitialized memory nodes causing kernel panic

When there are memory-only nodes (nodes without CPUs), these nodes are not
properly initialized, causing kernel panic during boot.

of_numa_init
	of_numa_parse_cpu_nodes
		node_set(nid, numa_nodes_parsed);
	of_numa_parse_memory_nodes

In of_numa_parse_cpu_nodes, numa_nodes_parsed gets updated only for nodes
containing CPUs. Memory-only nodes should have been updated in
of_numa_parse_memory_nodes, but they weren't.

Subsequently, when free_area_init() attempts to access NODE_DATA() for
these uninitialized memory nodes, the kernel panics due to NULL pointer
dereference.

This can be reproduced on ARM64 QEMU with 1 CPU and 2 memory nodes:

qemu-system-aarch64 -cpu host -nographic -m 4G -smp 1 -machine virt,accel=kvm,gic-version=3,iommu=smmuv3 -object memory-backend-ram,size=2G,id=mem0 -object memory-backend-ram,size=2G,id=mem1 -numa node,nodeid=0,memdev=mem0 -numa node,nodeid=1,memdev=mem1 -kernel $IMAGE -hda $DISK -append "console=ttyAMA0 root=/dev/vda rw earlycon"

[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x481fd010]
[ 0.000000] Linux version 6.17.0-rc1-00001-gabb4b3daf18c-dirty (yintirui@local) (gcc (GCC) 12.3.1, GNU ld (GNU Binutils) 2.41) #52 SMP PREEMPT Mon Aug 18 09:49:40 CST 2025
[ 0.000000] KASLR enabled
[ 0.000000] random: crng init done
[ 0.000000] Machine model: linux,dummy-virt
[ 0.000000] efi: UEFI not found.
[ 0.000000] earlycon: pl11 at MMIO 0x0000000009000000 (options '')
[ 0.000000] printk: legacy bootconsole [pl11] enabled
[ 0.000000] OF: reserved mem: Reserved memory: No reserved-memory node in the DT
[ 0.000000] NODE_DATA(0) allocated [mem 0xbfffd9c0-0xbfffffff]
[ 0.000000] node 1 must be removed before remove section 23
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000040000000-0x00000000ffffffff]
[ 0.000000] DMA32 empty
[ 0.000000] Normal [mem 0x0000000100000000-0x000000013fffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000040000000-0x00000000bfffffff]
[ 0.000000] node 1: [mem 0x00000000c0000000-0x000000013fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff]
[ 0.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
[ 0.000000] Mem abort info:
[ 0.000000] ESR = 0x0000000096000004
[ 0.000000] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.000000] SET = 0, FnV = 0
[ 0.000000] EA = 0, S1PTW = 0
[ 0.000000] FSC = 0x04: level 0 translation fault
[ 0.000000] Data abort info:
[ 0.000000] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 0.000000] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 0.000000] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 0.000000] [00000000000000a0] user address but active_mm is swapper
[ 0.000000] Internal error: Oops: 0000000096000004 [#1] SMP
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc1-00001-g760c6dabf762-dirty #54 PREEMPT
[ 0.000000] Hardware name: linux,dummy-virt (DT)
[ 0.000000] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.000000] pc : free_area_init+0x50c/0xf9c
[ 0.000000] lr : free_area_init+0x5c0/0xf9c
[ 0.000000] sp : ffffa02ca0f33c00
[ 0.000000] x29: ffffa02ca0f33cb0 x28: 0000000000000000 x27: 0000000000000000
[ 0.000000] x26: 4ec4ec4ec4ec4ec5 x25: 00000000000c0000 x24: 00000000000c0000
[ 0.000000] x23: 0000000000040000 x22: 0000000000000000 x21: ffffa02ca0f3b368
[ 0.000000] x20: ffffa02ca14c7b98 x19: 0000000000000000 x18: 0000000000000002
[ 0.000000] x17: 000000000000cacc x16: 0000000000000001 x15: 0000000000000001
[ 0.000000] x14: 0000000080000000 x13: 0000000000000018 x12: 0000000000000002
[ 0.0
---truncated---
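
The failure mode described in the commit message above, as a user-space model added to this record (not kernel code and not the upstream patch): a parsed-node mask filled only by the CPU pass leaves a memory-only node without per-node data. The struct, the helper names and the `fixed` switch are hypothetical; the topology is constructed to match the 1-CPU, 2-memory-node reproducer, and marking the node in the memory pass is an assumption based on where the text says the update belongs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_NODES 4
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed topology: one CPU on node 0, memory on nodes 0 and 1. */
static const int cpu_nid[] = { 0 };
static const int mem_nid[] = { 0, 1 };

struct numa_model {
    unsigned parsed;            /* stands in for numa_nodes_parsed */
    int *node_data[MAX_NODES];  /* stands in for NODE_DATA(nid) */
};

/* CPU pass: marks only nodes that own at least one CPU. */
static void parse_cpu_nodes(struct numa_model *m)
{
    for (size_t i = 0; i < COUNT(cpu_nid); i++)
        m->parsed |= 1u << cpu_nid[i];
}

/* Memory pass: when 'fixed' is false the mask is left untouched,
 * so a node with memory but no CPU is never marked as parsed. */
static void parse_memory_nodes(struct numa_model *m, bool fixed)
{
    for (size_t i = 0; i < COUNT(mem_nid); i++)
        if (fixed)
            m->parsed |= 1u << mem_nid[i];
}

/* Returns the first memory node whose per-node data is still NULL,
 * i.e. the node a later NODE_DATA() access would fault on; -1 if none. */
int first_uninitialized_node(bool fixed)
{
    static int storage[MAX_NODES];
    struct numa_model m = { 0 };

    parse_cpu_nodes(&m);
    parse_memory_nodes(&m, fixed);
    for (int nid = 0; nid < MAX_NODES; nid++)   /* allocate parsed nodes only */
        if (m.parsed & (1u << nid))
            m.node_data[nid] = &storage[nid];
    for (size_t i = 0; i < COUNT(mem_nid); i++) /* walk memory like free_area_init */
        if (m.node_data[mem_nid[i]] == NULL)
            return mem_nid[i];
    return -1;
}

int main(void)
{
    printf("unfixed: node %d\n", first_uninitialized_node(false));
    printf("fixed:   node %d\n", first_uninitialized_node(true));
    return 0;
}
```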