CVE-2025-40263

If croseckeybregistermatrix() isn't called (due to buttons_switches_only) in croseckeybprobe(), ckdev->idev remains NULL. An invalid memory access is observed in croseckeybprocess() when receiving an ECMKBPEVENTKEYMATRIX event in croseckeyb_work() in such case.

Unable to handle kernel read from unreadable memory at virtual address 0000000000000028 ... x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: inputevent croseckeybwork blockingnotifiercallchain ecirq_thread

It's still unknown about why the kernel receives such malformed event, in any cases, the kernel shouldn't access ckdev->idev and friends if the driver doesn't intend to initialize them.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40263.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0

Fixed

d74864291cb8bd784d44d1d02e87109cf88666bb

Fixed

9cf59f4724a9ee06ebb06c76b8678ac322e850b7

Fixed

6d81068685154535af06163eb585d6d9663ec7ec

Fixed

2d251c15c27e2dd16d6318425d2f7260cbd47d39

Fixed

e08969c4d65ac31297fcb4d31d4808c789152f68

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40263.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.19.0

Fixed

6.1.159

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.118

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.60

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40263.json"