DEBIAN-CVE-2025-40226

DEBIAN-CVE-2025-40226 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the SCMI debug helpers that maintain metrics counters.

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 6.12.38-1, 6.12.41-1
Debian:14	linux	6.13.10-1~exp1, 6.13.11-1~exp1, 6.13.2-1~exp1

Exploit Intelligence

4081.3.7.yml (github-poc)

Timeline

Dec 4, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-40226 advisory

Open in Interactive Console →