CVE-2025-40262 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_action() function is called. Remove the &.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/56881294915a6e866d31a46f9bcb5e19167cfbaa
https://git.kernel.org/stable/c/6524a15d33951b18ac408ebbcb9c16e14e21c336
https://git.kernel.org/stable/c/ca9a08de9b294422376f47ade323d69590dbc6f2
https://git.kernel.org/stable/c/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4

History

Thu, 04 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_action() function is called. Remove the &.
Title		Input: imx_sc_key - fix memory corruption on unload
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/56881294915a6e866d31a46f9bcb5e19167cfbaa https://git.kernel.org/stable/c/6524a15d33951b18ac408ebbcb9c16e14e21c336 https://git.kernel.org/stable/c/ca9a08de9b294422376f47ade323d69590dbc6f2 https://git.kernel.org/stable/c/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-04T16:08:22.043Z

Updated: 2025-12-04T16:08:22.043Z

Reserved: 2025-04-16T07:20:57.182Z

Link: CVE-2025-40262

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-04T16:16:20.200

Modified: 2025-12-04T17:15:08.283

Link: CVE-2025-40262

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40262", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.182Z", "datePublished": "2025-12-04T16:08:22.043Z", "dateUpdated": "2025-12-04T16:08:22.043Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-04T16:08:22.043Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: imx_sc_key - fix memory corruption on unload\n\nThis is supposed to be \"priv\" but we accidentally pass \"&priv\" which is\nan address in the stack and so it will lead to memory corruption when\nthe imx_sc_key_action() function is called. Remove the &."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/input/keyboard/imx_sc_key.c"], "versions": [{"version": "768062fd1284529212daffd360314e9aa93abb62", "lessThan": "ca9a08de9b294422376f47ade323d69590dbc6f2", "status": "affected", "versionType": "git"}, {"version": "768062fd1284529212daffd360314e9aa93abb62", "lessThan": "56881294915a6e866d31a46f9bcb5e19167cfbaa", "status": "affected", "versionType": "git"}, {"version": "768062fd1284529212daffd360314e9aa93abb62", "lessThan": "6524a15d33951b18ac408ebbcb9c16e14e21c336", "status": "affected", "versionType": "git"}, {"version": "768062fd1284529212daffd360314e9aa93abb62", "lessThan": "d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/input/keyboard/imx_sc_key.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.118", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.60", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.10", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.6.118"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.12.60"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.17.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ca9a08de9b294422376f47ade323d69590dbc6f2"}, {"url": "https://git.kernel.org/stable/c/56881294915a6e866d31a46f9bcb5e19167cfbaa"}, {"url": "https://git.kernel.org/stable/c/6524a15d33951b18ac408ebbcb9c16e14e21c336"}, {"url": "https://git.kernel.org/stable/c/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4"}], "title": "Input: imx_sc_key - fix memory corruption on unload", "x_generator": {"engine": "bippy-1.2.0"}}}}