CVE-2025-40060
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etm_setup_aux() only checks for a NULL pointer, so it misses the error. As a result, the driver continues and eventually causes a kernel panic. Fix this by returning a NULL pointer from arm_trbe_alloc_buffer() on allocation failures. This allows that the callers can properly handle the failure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40060
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anubis anubis 1.22.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's TRBE driver where, upon failing to allocate a buffer, the driver returns an error code (-ENOMEM) instead of a NULL pointer. The caller function etm_setup_aux() only checks for a NULL pointer to detect allocation failure, so it misses the error code. This causes the driver to continue operating incorrectly, eventually leading to a kernel panic. The fix changes the driver to return a NULL pointer on allocation failure, allowing proper error handling.

Impact Analysis

The vulnerability can cause a kernel panic, which is a system crash in the Linux kernel. This can lead to system instability, downtime, and potential loss of data or service availability.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for this vulnerability, where the TRBE driver returns a NULL pointer on allocation failures instead of an error code. This prevents kernel panic by allowing proper error handling in the driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40060. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart