CVE-2025-40226

high

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the SCMI debug helpers that maintain metrics counters.

References

https://git.kernel.org/stable/c/e088efcd97cb7c7297d166bb52c3b87a29f6a0b1

https://git.kernel.org/stable/c/d719ce9f286c439795cd2beee4c91f12b84bc5a0

https://git.kernel.org/stable/c/554c9d5c6c695aedaecfb4365c187102709397b0

https://git.kernel.org/stable/c/2290ab43b9d8eafb8046387f10a8dfa2b030ba46

Details

Source: Mitre, NVD

Published: 2025-12-04

Updated: 2025-12-04

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00018