CVE-2025-40060
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-10-30
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anubis | anubis | 1.22.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's TRBE driver where, upon failing to allocate a buffer, the driver returns an error code (-ENOMEM) instead of a NULL pointer. The caller function etm_setup_aux() only checks for a NULL pointer to detect allocation failure, so it misses the error code. This causes the driver to continue operating incorrectly, eventually leading to a kernel panic. The fix changes the driver to return a NULL pointer on allocation failure, allowing proper error handling.
How can this vulnerability impact me?
The vulnerability can cause a kernel panic, which is a system crash in the Linux kernel. This can lead to system instability, downtime, and potential loss of data or service availability.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for this vulnerability, where the TRBE driver returns a NULL pointer on allocation failures instead of an error code. This prevents kernel panic by allowing proper error handling in the driver.
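The NULL-only check described in the first answer can be reproduced in userspace. The following is an added example, not code from the kernel or from this page: the function names are hypothetical, and it assumes the error code travels as a kernel-style error pointer (`ERR_PTR`/`IS_ERR`, re-implemented here), which the page does not spell out.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the kernel's error-pointer encoding: a negative errno
 * is stored in the pointer value itself, in the top 4095 addresses. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

enum outcome { FAILURE_HANDLED, VALID_BUFFER, BOGUS_POINTER_ACCEPTED };

/* Before the fix (modelled): allocation failure comes back as an error
 * pointer carrying -ENOMEM. 'oom' simulates the failed allocation. */
static void *alloc_before(int oom)
{
    void *buf = oom ? NULL : malloc(64);
    return buf ? buf : ERR_PTR(-ENOMEM);
}

/* After the fix (modelled): allocation failure comes back as NULL. */
static void *alloc_after(int oom)
{
    return oom ? NULL : malloc(64);
}

/* Hypothetical caller that, like etm_setup_aux() as described on this page,
 * treats only NULL as failure. The IS_ERR() test below is not part of that
 * caller's logic; it only classifies what slipped past the NULL check. */
static enum outcome setup_aux_model(void *(*alloc)(int), int oom)
{
    void *buf = alloc(oom);
    if (!buf)
        return FAILURE_HANDLED;
    if (IS_ERR(buf))
        return BOGUS_POINTER_ACCEPTED;   /* would be dereferenced later */
    free(buf);
    return VALID_BUFFER;
}

int main(void)
{
    printf("before fix, OOM: %d\n", setup_aux_model(alloc_before, 1));
    printf("after fix,  OOM: %d\n", setup_aux_model(alloc_after, 1));
    return 0;
}
```

With the pre-fix allocator the caller accepts a non-NULL value that is not a usable address; with the post-fix allocator the same caller takes its failure path unchanged.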