Invalid Memory Access in Linux Kernel Cros EC Keyboard Driver
CVE-2025-40263

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 December 2025

What is CVE-2025-40263?

The Linux kernel's cros_ec_keyb driver contains a vulnerability where an invalid memory access occurs if the initialization function cros_ec_keyb_register_matrix() is not called. This issue arises when the driver receives an EC_MKBP_EVENT_KEY_MATRIX event without proper initialization, resulting in a failure to correctly handle the kernel's read operation from a null memory address. This vulnerability could potentially lead to system instability or exposure to further attacks, as the kernel accesses members that should remain uninitialized.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0

Linux ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0 < 9cf59f4724a9ee06ebb06c76b8678ac322e850b7

Linux ca1eadbfcd36bec73f2a2111c28e8c7e9e8ae6c0 < 6d81068685154535af06163eb585d6d9663ec7ec

References

https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02...
https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b...
https://git.kernel.org/stable/c/6d81068685154535af06163eb...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.