CVE-2025-40262

EUVD-2025-201195
In the Linux kernel, the following vulnerability has been resolved:

Input: imx_sc_key - fix memory corruption on unload

This is supposed to be "priv" but we accidentally pass "&priv" which is
an address in the stack and so it will lead to memory corruption when
the imx_sc_key_action() function is called.  Remove the &.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.162-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.249-1
fixed
forky
6.18.15-1
fixed
sid
6.18.15-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
6.12.73-1
fixed
linux-6.1
bullseye (security)
6.1.162-1~deb11u1
fixed
References
https://git.kernel.org/stable/c/3e96803b169dc948847f0fc2bae729a80914eb7b
https://git.kernel.org/stable/c/4ce5218b101205b3425099fe3df88a61b58f9cc2
https://git.kernel.org/stable/c/56881294915a6e866d31a46f9bcb5e19167cfbaa
https://git.kernel.org/stable/c/6524a15d33951b18ac408ebbcb9c16e14e21c336
https://git.kernel.org/stable/c/a155292c3ce722036014da5477ee0e4c87b5e6b3
https://git.kernel.org/stable/c/ca9a08de9b294422376f47ade323d69590dbc6f2
https://git.kernel.org/stable/c/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4