{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40263","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.182Z","datePublished":"2025-12-04T16:08:23.327Z","dateUpdated":"2026-05-11T21:45:57.409Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:45:57.409Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cros_ec_keyb - fix an invalid memory access\n\nIf cros_ec_keyb_register_matrix() isn't called (due to\n`buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains\nNULL.  An invalid memory access is observed in cros_ec_keyb_process()\nwhen receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()\nin such case.\n\n  Unable to handle kernel read from unreadable memory at virtual address 0000000000000028\n  ...\n  x3 : 0000000000000000 x2 : 0000000000000000\n  x1 : 0000000000000000 x0 : 0000000000000000\n  Call trace:\n  input_event\n  cros_ec_keyb_work\n  blocking_notifier_call_chain\n  ec_irq_thread\n\nIt's still unknown about why the kernel receives such malformed event,\nin any cases, the kernel shouldn't access `ckdev->idev` and friends if\nthe driver doesn't intend to initialize them."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/input/keyboard/cros_ec_keyb.c"],"versions":[{"version":"ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0","lessThan":"d74864291cb8bd784d44d1d02e87109cf88666bb","status":"affected","versionType":"git"},{"version":"ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0","lessThan":"9cf59f4724a9ee06ebb06c76b8678ac322e850b7","status":"affected","versionType":"git"},{"version":"ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0","lessThan":"6d81068685154535af06163eb585d6d9663ec7ec","status":"affected","versionType":"git"},{"version":"ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0","lessThan":"2d251c15c27e2dd16d6318425d2f7260cbd47d39","status":"affected","versionType":"git"},{"version":"ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0","lessThan":"e08969c4d65ac31297fcb4d31d4808c789152f68","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/input/keyboard/cros_ec_keyb.c"],"versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.118","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.60","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.10","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.6.118"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.12.60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.17.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb"},{"url":"https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7"},{"url":"https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec"},{"url":"https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39"},{"url":"https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68"}],"title":"Input: cros_ec_keyb - fix an invalid memory access","x_generator":{"engine":"bippy-1.2.0"}}}}