CVE-2025-40263
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access is observed in cros_ec_keyb_process() when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work() in such case. Unable to handle kernel read from unreadable memory at virtual address 0000000000000028 ... x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: input_event cros_ec_keyb_work blocking_notifier_call_chain ec_irq_thread It's still unknown about why the kernel receives such malformed event, in any cases, the kernel shouldn't access `ckdev->idev` and friends if the driver doesn't intend to initialize them.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-06
Generated
2026-05-07
AI Q&A
2025-12-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40263
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's cros_ec_keyb driver. If the function cros_ec_keyb_register_matrix() is not called during the probe phase (due to the 'buttons_switches_only' condition), a pointer (ckdev->idev) remains NULL. Later, when the kernel processes an EC_MKBP_EVENT_KEY_MATRIX event, it attempts to access this NULL pointer, causing an invalid memory access (kernel read from unreadable memory). This leads to a kernel crash or instability because the driver accesses memory it should not if it hasn't initialized certain components.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash or become unstable due to invalid memory access. This can lead to denial of service conditions where the system becomes unresponsive or requires a reboot. It may affect system reliability and availability, especially on devices using the affected cros_ec_keyb driver.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart