CVE-2025-40263

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2025
Last modified:
04/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Input: cros_ec_keyb - fix an invalid memory access

If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access is observed in cros_ec_keyb_process() when receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work() in such a case.

Unable to handle kernel read from unreadable memory at virtual address 0000000000000028
...
x3 : 0000000000000000 x2 : 0000000000000000
x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
input_event
cros_ec_keyb_work
blocking_notifier_call_chain
ec_irq_thread

It's still unknown why the kernel receives such a malformed event; in any case, the kernel shouldn't access `ckdev->idev` and friends if the driver doesn't intend to initialize them.
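The failure mode described above, modelled in user-space C as an added example (not the kernel's code and not the upstream patch): probe leaves `idev` NULL for a buttons/switches-only device, and the event handler refuses key-matrix events when no matrix device was registered. The struct layout, `keyb_probe`, `keyb_work` and the enum names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the EC event types; only the matrix/non-matrix split matters. */
enum mkbp_event { EV_KEY_MATRIX, EV_BUTTON };
enum verdict { HANDLED, IGNORED_NO_MATRIX_DEV };

struct input_dev { unsigned int events_seen; };

/* Hypothetical, simplified driver state (not the real struct layout). */
struct cros_ec_keyb {
    struct input_dev matrix_storage, bs_storage;
    struct input_dev *idev;     /* matrix keyboard; NULL if never registered */
    struct input_dev *bs_idev;  /* buttons/switches device */
};

/* Model of probe: matrix registration is skipped for buttons_switches_only. */
static void keyb_probe(struct cros_ec_keyb *ckdev, bool buttons_switches_only)
{
    ckdev->matrix_storage.events_seen = 0;
    ckdev->bs_storage.events_seen = 0;
    ckdev->idev = buttons_switches_only ? NULL : &ckdev->matrix_storage;
    ckdev->bs_idev = &ckdev->bs_storage;
}

/* Model of the event worker: validate state before touching idev. */
static enum verdict keyb_work(struct cros_ec_keyb *ckdev, enum mkbp_event ev)
{
    if (ev == EV_KEY_MATRIX) {
        /* Without this check, the next line dereferences NULL when the
         * device was probed as buttons/switches only. */
        if (ckdev->idev == NULL)
            return IGNORED_NO_MATRIX_DEV;
        ckdev->idev->events_seen++;
        return HANDLED;
    }
    ckdev->bs_idev->events_seen++;
    return HANDLED;
}

int main(void)
{
    struct cros_ec_keyb k;
    keyb_probe(&k, true);  /* buttons/switches-only device */
    printf("matrix event verdict: %d\n", keyb_work(&k, EV_KEY_MATRIX));
    printf("button event verdict: %d\n", keyb_work(&k, EV_BUTTON));
    return 0;
}
```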

Impact