In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an...
🔗 CVE IDs covered (1)
📋 Description
In the Linux kernel, the following vulnerability has been resolved:
Input: cros_ec_keyb - fix an invalid memory access
If cros_ec_keyb_register_matrix() isn't called (due to
buttons_switches_only) in cros_ec_keyb_probe(), ckdev->idev remains
NULL. An invalid memory access is observed in cros_ec_keyb_process()
when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()
in such case.
Unable to handle kernel read from unreadable memory at virtual address 0000000000000028 ... x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: input_event cros_ec_keyb_work blocking_notifier_call_chain ec_irq_thread
It's still unknown about why the kernel receives such malformed event,
in any cases, the kernel shouldn't access ckdev->idev and friends if
the driver doesn't intend to initialize them.
🔗 References (11)
- https://nvd.nist.gov/vuln/detail/CVE-2025-40263
- https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39
- https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec
- https://git.kernel.org/stable/c/7bfd959187f2c7584bb43280bbc7b2846e7a5085
- https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7
- https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68
- https://git.kernel.org/stable/c/729d21c82c1b0504ffccb17cc261bf32e024fd0f
- https://git.kernel.org/stable/c/8b5ae1521660c16fa830ff17d16e650b4905b71a
- https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb
- https://cert-portal.siemens.com/productcert/html/ssa-253495.html
- https://github.com/advisories/GHSA-r3v3-c3jq-3938