CVE-2025-40060

28.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

coresight: trbe: Return NULL pointer for allocation failures

When the TRBE driver fails to allocate a buffer, it currently returns
the error code "-ENOMEM". However, the caller etm_setup_aux() only
checks for a NULL pointer, so it misses the error. As a result, the
driver continues and eventually causes a kernel panic.

Fix this by returning a NULL pointer from arm_trbe_alloc_buffer() on
allocation failures. This allows that the callers can properly handle
the failure.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.244-1 fixed
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	vulnerable
trixie (security)	vulnerable
forky	vulnerable
sid	vulnerable

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um beliebigen Code auszuführen, privilegierten Zugriff zu erlangen, sensible Informationen zu stehlen oder betroffene Systeme funktionsunfähig zu machen.
Published: 2025-10-28T23:00:00+00:00

References

https://git.kernel.org/stable/c/296da78494633e1ab5e2e74173a9c8683b04aa6b

https://git.kernel.org/stable/c/8a55c161f7f9c1aa1c70611b39830d51c83ef36d

https://git.kernel.org/stable/c/9768536f82600a05ce901e31ccfabd92c027ff71

https://git.kernel.org/stable/c/cef047e0a55cb07906fcaae99170f19a9c0bb6c2

https://git.kernel.org/stable/c/f505a165f1c7cd37b4cb6952042a5984693a4067

https://git.kernel.org/stable/c/fe53a726d5edf864e80b490780cc135fc1adece9