Input: cros_ec_keyb - fix an invalid memory access
Summary
| CVE | CVE-2025-40263 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-12-04 16:16:20 UTC |
| Updated | 2026-06-02 14:16:32 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access. If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access is observed in cros_ec_keyb_process() when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work() in such a case. Unable to handle kernel read from unreadable memory at virtual address 0000000000000028 ... x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: input_event cros_ec_keyb_work blocking_notifier_call_chain ec_irq_thread. It's still unknown why the kernel receives such a malformed event; in any case, the kernel shouldn't access `ckdev->idev` and friends if the driver doesn't intend to initialize them. |
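The fault pattern the description reports, as an added userland model (not the cros_ec_keyb driver's code, and not the upstream fix): a probe routine that leaves the matrix input device pointer NULL when only buttons and switches are present, an unchecked event handler that dereferences that pointer for a KEY_MATRIX event, and a hardened handler that refuses such events. All names ending in `_model`, the enum values and the counters are assumptions made for this example; the child-process harness stands in for the kernel oops so the crash can be observed from a test.

```c
/*
 * Added userland model of the NULL idev dereference described in
 * CVE-2025-40263. Not the kernel driver's code: every *_model name,
 * the event enum and the counters are assumptions for this example.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum mkbp_event_model { EV_KEY_MATRIX_MODEL, EV_BUTTON_MODEL, EV_SWITCH_MODEL };

struct input_dev_model {
    const char *name;
    int events_reported;
};

struct ckdev_model {
    bool buttons_switches_only;      /* assumed to come from firmware/DT at probe */
    struct input_dev_model *idev;    /* matrix device: NULL when registration is skipped */
    struct input_dev_model *bs_idev; /* buttons/switches device */
    int dropped;                     /* events discarded by the hardened handler */
};

/* Mirrors the probe ordering in the description: the matrix device is only
 * registered when buttons_switches_only is false, so idev stays NULL otherwise. */
static void probe_model(struct ckdev_model *ck, bool bs_only,
                        struct input_dev_model *matrix, struct input_dev_model *bs)
{
    ck->buttons_switches_only = bs_only;
    ck->bs_idev = bs;
    ck->idev = bs_only ? NULL : matrix;
    ck->dropped = 0;
}

/* Pre-fix behaviour: a KEY_MATRIX event reaches idev without checking it.
 * The volatile load keeps the compiler from reasoning about the pointer. */
__attribute__((noinline))
static int work_unchecked_model(struct ckdev_model *ck, enum mkbp_event_model ev)
{
    struct input_dev_model *volatile idev = ck->idev;
    switch (ev) {
    case EV_KEY_MATRIX_MODEL:
        idev->events_reported++;      /* NULL dereference when the matrix was never registered */
        return 0;
    case EV_BUTTON_MODEL:
    case EV_SWITCH_MODEL:
        ck->bs_idev->events_reported++;
        return 0;
    }
    return -EINVAL;
}

/* Hardened behaviour: events for a device the driver did not set up are dropped. */
static int work_checked_model(struct ckdev_model *ck, enum mkbp_event_model ev)
{
    switch (ev) {
    case EV_KEY_MATRIX_MODEL:
        if (!ck->idev) {               /* buttons_switches_only: nothing to report to */
            ck->dropped++;
            return -ENODEV;
        }
        ck->idev->events_reported++;
        return 0;
    case EV_BUTTON_MODEL:
    case EV_SWITCH_MODEL:
        if (!ck->bs_idev) {
            ck->dropped++;
            return -ENODEV;
        }
        ck->bs_idev->events_reported++;
        return 0;
    }
    return -EINVAL;
}

/* Run a handler in a forked child so a crash is observed rather than fatal.
 * Returns true if the child died from a signal (the stand-in for the oops). */
static bool crashes_in_child(int (*fn)(struct ckdev_model *, enum mkbp_event_model),
                             struct ckdev_model *ck, enum mkbp_event_model ev)
{
    pid_t pid = fork();
    if (pid < 0)
        return false;
    if (pid == 0)
        _exit(fn(ck, ev) == 0 ? 0 : 1);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return false;
    return WIFSIGNALED(status);
}

int main(void)
{
    /* Constructed devices standing in for the matrix and buttons input devices. */
    struct input_dev_model matrix = { "cros_ec_keyb", 0 }, bs = { "cros_ec_buttons", 0 };
    struct ckdev_model ck;

    probe_model(&ck, true, &matrix, &bs);   /* buttons_switches_only configuration */
    printf("unchecked KEY_MATRIX crashes: %s\n",
           crashes_in_child(work_unchecked_model, &ck, EV_KEY_MATRIX_MODEL) ? "yes" : "no");
    printf("checked KEY_MATRIX rc=%d dropped=%d\n",
           work_checked_model(&ck, EV_KEY_MATRIX_MODEL), ck.dropped);
    return 0;
}
```

The check is placed in the event handler rather than in probe because probe legitimately leaves `idev` NULL in this configuration; the invariant to enforce is that a pointer the driver chose not to initialize is never consulted, whatever the EC sends.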
Risk And Classification
EPSS score: 0.00037 (estimated 30-day exploitation probability of about 0.04%), percentile 0.1137, as of 2026-06-08.
The fault needs a device probed with `buttons_switches_only` (so the matrix input device is never registered) and an EC_MKBP_EVENT_KEY_MATRIX event arriving from the EC; the commit message does not say how that event is produced or whether an attacker can trigger it, so the record establishes a kernel crash (denial of service) and nothing beyond that.
Vendor Declared Affected Products
| Source | Vendor | Product | Status | Version range | Platforms |
|---|---|---|---|---|---|
| CNA | Linux | Linux | affected | git: from ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0 (introducing commit) before d74864291cb8bd784d44d1d02e87109cf88666bb (fix) | Not specified |
| CNA | Linux | Linux | affected | git: from ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0 before 9cf59f4724a9ee06ebb06c76b8678ac322e850b7 (fix) | Not specified |
| CNA | Linux | Linux | affected | git: from ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0 before 6d81068685154535af06163eb585d6d9663ec7ec (fix) | Not specified |
| CNA | Linux | Linux | affected | git: from ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0 before 2d251c15c27e2dd16d6318425d2f7260cbd47d39 (fix) | Not specified |
| CNA | Linux | Linux | affected | git: from ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0 before e08969c4d65ac31297fcb4d31d4808c789152f68 (fix) | Not specified |
| CNA | Linux | Linux | affected | 5.19 (release in which the introducing commit landed) | Not specified |
| CNA | Linux | Linux | unaffected | releases before 5.19 (semver) | Not specified |
| CNA | Linux | Linux | unaffected | 6.1.159 through the rest of 6.1.* (semver) | Not specified |
| CNA | Linux | Linux | unaffected | 6.6.118 through the rest of 6.6.* (semver) | Not specified |
| CNA | Linux | Linux | unaffected | 6.12.60 through the rest of 6.12.* (semver) | Not specified |
| CNA | Linux | Linux | unaffected | 6.17.10 through the rest of 6.17.* (semver) | Not specified |
| CNA | Linux | Linux | unaffected | 6.18 and later (original_commit_for_fix) | Not specified |
| ADP | Siemens | RUGGEDCOM RST2428P | affected | V4.0 (custom) | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | fix commit |
| git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | fix commit |
| git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | fix commit |
| cert-portal.siemens.com/productcert/html/ssa-253495.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | vendor advisory (ADP) |
| git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | fix commit |
| git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | fix commit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.