CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Account for failed debug initialization

When the SCMI debug subsystem fails to initialize, the related debug root
will be missing, and the underlying descriptor will be NULL.

Handle this fault condition in the SCMI debug helpers that maintain
metrics counters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bookworm
6.1.159-1
not-affected
bullseye (security)
5.10.247-1
fixed
bookworm (security)
6.1.158-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
vulnerable
forky
6.17.13-1
fixed
sid
6.18.5-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/2290ab43b9d8eafb8046387f10a8dfa2b030ba46
https://git.kernel.org/stable/c/554c9d5c6c695aedaecfb4365c187102709397b0
https://git.kernel.org/stable/c/d719ce9f286c439795cd2beee4c91f12b84bc5a0
https://git.kernel.org/stable/c/e088efcd97cb7c7297d166bb52c3b87a29f6a0b1