Linux Kernel SCMI Debug Subsystem Vulnerability Affecting Firmware
CVE-2025-40226

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-40226?

A vulnerability in the Linux kernel's firmware affects the SCMI debug subsystem, leading to issues when the debug initialization fails. In such cases, the associated debug root may not be established, causing the underlying descriptor to be NULL. This could lead to faults in the SCMI debug helpers responsible for tracking metrics counters, though the kernel has addressed this issue to enhance the system's stability and reliability.

Affected Version(s)

Linux b38812942556819263256cb77fbdc9eae7aa5b1b

Linux 0b3d48c4726e1b20dffd2ff81a9d94d5d930220b

Linux 0b3d48c4726e1b20dffd2ff81a9d94d5d930220b < 554c9d5c6c695aedaecfb4365c187102709397b0

References

https://git.kernel.org/stable/c/d719ce9f286c439795cd2beee...

https://git.kernel.org/stable/c/e088efcd97cb7c7297d166bb5...

https://git.kernel.org/stable/c/554c9d5c6c695aedaecfb4365...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON