CVE-2025-40226

EUVD-2025-201233
In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Account for failed debug initialization

When the SCMI debug subsystem fails to initialize, the related debug root
will be missing, and the underlying descriptor will be NULL.

Handle this fault condition in the SCMI debug helpers that maintain
metrics counters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
not-affected
bookworm (security)
6.1.162-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.249-1
fixed
forky
6.18.15-1
fixed
sid
6.18.15-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
6.12.73-1
fixed
References
https://git.kernel.org/stable/c/2290ab43b9d8eafb8046387f10a8dfa2b030ba46
https://git.kernel.org/stable/c/554c9d5c6c695aedaecfb4365c187102709397b0
https://git.kernel.org/stable/c/d719ce9f286c439795cd2beee4c91f12b84bc5a0
https://git.kernel.org/stable/c/e088efcd97cb7c7297d166bb52c3b87a29f6a0b1