{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40226", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.180Z", "datePublished": "2025-12-04T15:31:17.994Z", "dateUpdated": "2025-12-04T15:31:17.994Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-04T15:31:17.994Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Account for failed debug initialization\n\nWhen the SCMI debug subsystem fails to initialize, the related debug root\nwill be missing, and the underlying descriptor will be NULL.\n\nHandle this fault condition in the SCMI debug helpers that maintain\nmetrics counters."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/arm_scmi/common.h", "drivers/firmware/arm_scmi/driver.c"], "versions": [{"version": "b38812942556819263256cb77fbdc9eae7aa5b1b", "lessThan": "d719ce9f286c439795cd2beee4c91f12b84bc5a0", "status": "affected", "versionType": "git"}, {"version": "0b3d48c4726e1b20dffd2ff81a9d94d5d930220b", "lessThan": "e088efcd97cb7c7297d166bb52c3b87a29f6a0b1", "status": "affected", "versionType": "git"}, {"version": "0b3d48c4726e1b20dffd2ff81a9d94d5d930220b", "lessThan": "554c9d5c6c695aedaecfb4365c187102709397b0", "status": "affected", "versionType": "git"}, {"version": "0b3d48c4726e1b20dffd2ff81a9d94d5d930220b", "lessThan": "2290ab43b9d8eafb8046387f10a8dfa2b030ba46", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/arm_scmi/common.h", "drivers/firmware/arm_scmi/driver.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.115", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.56", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.6", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.92", "versionEndExcluding": "6.6.115"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.56"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.17.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d719ce9f286c439795cd2beee4c91f12b84bc5a0"}, {"url": "https://git.kernel.org/stable/c/e088efcd97cb7c7297d166bb52c3b87a29f6a0b1"}, {"url": "https://git.kernel.org/stable/c/554c9d5c6c695aedaecfb4365c187102709397b0"}, {"url": "https://git.kernel.org/stable/c/2290ab43b9d8eafb8046387f10a8dfa2b030ba46"}], "title": "firmware: arm_scmi: Account for failed debug initialization", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Account for failed debug initialization\n\nWhen the SCMI debug subsystem fails to initialize, the related debug root\nwill be missing, and the underlying descriptor will be NULL.\n\nHandle this fault condition in the SCMI debug helpers that maintain\nmetrics counters."}], "id": "CVE-2025-40226", "lastModified": "2025-12-04T17:15:08.283", "metrics": {}, "published": "2025-12-04T16:16:15.197", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2290ab43b9d8eafb8046387f10a8dfa2b030ba46"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/554c9d5c6c695aedaecfb4365c187102709397b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d719ce9f286c439795cd2beee4c91f12b84bc5a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e088efcd97cb7c7297d166bb52c3b87a29f6a0b1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: firmware: arm_scmi: Account for failed debug initialization", "id": "2418833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418833"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfirmware: arm_scmi: Account for failed debug initialization\nWhen the SCMI debug subsystem fails to initialize, the related debug root\nwill be missing, and the underlying descriptor will be NULL.\nHandle this fault condition in the SCMI debug helpers that maintain\nmetrics counters."], "name": "CVE-2025-40226", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40226\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40226\nhttps://lore.kernel.org/linux-cve-announce/2025120458-CVE-2025-40226-4909@gregkh/T"], "threat_severity": "Moderate"}