Impact
This vulnerability arises in the Linux kernel's IMA subsystem on x86_64 architectures when a second-stage kernel is loaded via kexec while the boot command line limits the available memory (for example, using mem=<size>). The IMA measurement buffer handed over from the prior kernel may then lie outside the RAM that the new kernel can address. Accessing such a buffer during the early restore phase, in ima_restore_measurement_list(), triggers an unhandled page fault and a kernel panic. The flaw is classified as an out-of-bounds memory access.
Affected Systems
The problem is present in all Linux kernel implementations that have not yet incorporated the third commit of the patch series "Address page fault in ima_restore_measurement_list()". The fix is deployed on aarch64 architectures in earlier commits, but for x86_64 the vulnerability remains in kernels prior to the introduction of the ima_validate_range() helper. All affected machines running a vulnerable kernel version, regardless of vendor distribution, are at risk when they support kexec with a memory‑limiting command line.
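To illustrate the class of check the ima_validate_range() helper adds, here is an added user-space model (not the kernel's code, and not the real helper's signature): a constructed table of usable RAM regions stands in for the memory left after mem=<size>, and a handed-over buffer is only touched if its whole range fits inside one region, with zero-length and wrap-around ranges rejected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of addressable RAM after a mem= limit was applied:
 * a list of [start, end) physical ranges. Hypothetical values. */
struct ram_region { uint64_t start, end; };

static const struct ram_region usable_ram[] = {
    { 0x0000000000001000ULL, 0x000000000009f000ULL },
    { 0x0000000000100000ULL, 0x0000000020000000ULL }, /* 512 MiB cap */
};
#define NR_RAM (sizeof(usable_ram) / sizeof(usable_ram[0]))

/* Hypothetical stand-in for the ima_validate_range() helper named on the
 * page: true only if [addr, addr+size) lies entirely inside one usable
 * region. The kernel's real helper may differ; this models the intent. */
bool ima_buffer_in_ram(uint64_t addr, uint64_t size)
{
    uint64_t end;

    if (size == 0)
        return false;
    /* Reject wrap-around: addr + size must not overflow. */
    if (addr > UINT64_MAX - size)
        return false;
    end = addr + size;
    for (size_t i = 0; i < NR_RAM; i++) {
        if (addr >= usable_ram[i].start && end <= usable_ram[i].end)
            return true;
    }
    return false;
}

/* Models the restore step: the buffer handed over by the previous kernel
 * is dereferenced only after the range check, so an address above the
 * mem= limit is refused instead of faulting. Returns 0 on restore, -1 if
 * the buffer was refused. */
int restore_measurement_list(uint64_t buf_addr, uint64_t buf_size)
{
    if (!ima_buffer_in_ram(buf_addr, buf_size)) {
        fprintf(stderr, "IMA: buffer %#llx+%#llx outside RAM, skipping\n",
                (unsigned long long)buf_addr, (unsigned long long)buf_size);
        return -1;
    }
    /* A real implementation would map and walk the measurement list here. */
    return 0;
}
```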
Risk and Exploitability
The CVSS score of 5.5 categorizes this issue as moderate severity. The EPSS score of < 1% indicates a very low but non-zero exploitation probability, and the flaw is not listed in the CISA KEV catalog. The vulnerability can cause a kernel panic during early IMA restoration, resulting in a denial of service for the entire system. Triggering it requires that the second-stage kernel be booted via kexec with a mem=<size> limiting argument such that the IMA buffer lies outside addressable RAM. Based on the description, it is inferred that an attacker would need the ability to initiate a kexec load or otherwise influence the boot process. Such capability is typically restricted to privileged or local users, so the exploitation probability is likely low under normal operating conditions, but it rises if an attacker can set a crafted mem= parameter or trigger kexec.
OpenCVE Enrichment