DEBIAN-CVE-2025-40263
In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access is observed in cros_ec_keyb_process() when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work() in such case. Unable to handle kernel read from unreadable memory at virtual address 0000000000000028 ... x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: input_event cros_ec_keyb_work blocking_notifier_call_chain ec_irq_thread It's still unknown about why the kernel receives such malformed event, in any cases, the kernel shouldn't access `ckdev->idev` and friends if the driver doesn't intend to initialize them.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.1.106-2, 6.1.137-1, 6.1.139-1 |
| Debian:11 | linux-6.1 | 6.1.140-1~deb11u1, 6.1.137-1~deb11u1, 6.1.129-1~deb11u1 |
| Debian:13 | linux | 6.12.43-1, 6.12.48-1, 6.12.57-1 |
| Debian:14 | linux | 6.14.6-1, 6.12.41-1, 6.12.43-1 |
| Debian:11 | linux | 5.10.226-1, 5.10.237-1, 5.10.244-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Dec 4, 2025 CVE Published
- Apr 28, 2026 CVE Updated