CVE-2025-40226

Linux Kernel - Null Pointer Dereference in SCMI Debug Helpers

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the SCMI debug helpers that maintain metrics counters.

Scores

EPSS 0.0017
EPSS Percentile 7.1%

Details

Status published
Products (14)
linux/Kernel < 6.6.115linux
linux/Kernel 6.12.0 - 6.17.6linux
linux/Kernel 6.7.0 - 6.12.56linux
Linux/Linux < 6.12
Linux/Linux 0b3d48c4726e1b20dffd2ff81a9d94d5d930220b - 2290ab43b9d8eafb8046387f10a8dfa2b030ba46
Linux/Linux 0b3d48c4726e1b20dffd2ff81a9d94d5d930220b - 554c9d5c6c695aedaecfb4365c187102709397b0
Linux/Linux 0b3d48c4726e1b20dffd2ff81a9d94d5d930220b - e088efcd97cb7c7297d166bb52c3b87a29f6a0b1
Linux/Linux 6.12
Linux/Linux 6.12.56 - 6.12.*
Linux/Linux 6.17.6 - 6.17.*
... and 4 more
Published Dec 04, 2025
Tracked Since Feb 18, 2026