-
CVE-2025-40263
- EPSS 0.17%
- Veröffentlicht 04.12.2025 16:16:20
- Zuletzt bearbeitet 02.06.2026 14:16:32
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
Input: cros_ec_keyb - fix an invalid memory access
In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access is observed in cros_ec_keyb_process() when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work() in such case. Unable to handle kernel read from unreadable memory at virtual address 0000000000000028 ... x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: input_event cros_ec_keyb_work blocking_notifier_call_chain ec_irq_thread It's still unknown about why the kernel receives such malformed event, in any cases, the kernel shouldn't access `ckdev->idev` and friends if the driver doesn't intend to initialize them.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
≫
Produkt
RUGGEDCOM RST2428P
Default Statusunknown
Version
0
Version <
V4.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.063 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|
https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39
https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec
https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7
https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68
https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb
https://cert-portal.siemens.com/productcert/html/ssa-253495.html