CVE-2025-40060
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etm_setup_aux() only checks for a NULL pointer, so it misses the error. As a result, the driver continues and eventually causes a kernel panic. Fix this by returning a NULL pointer from arm_trbe_alloc_buffer() on allocation failures. This allows that the callers can properly handle the failure.
Affected versions
Linux kernel versions
5.13
and later are affected. Fixed in
5.15.195,
6.1.156,
6.6.112,
6.12.53,
6.17.3,
6.18
and their respective stable series.
References
The following references provide additional information about CVE-2025-40060 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/296da78494633e1ab5e2e74173a9c8683b04aa6b
-
PatchKernel patch commithttps://git.kernel.org/stable/c/8a55c161f7f9c1aa1c70611b39830d51c83ef36d
-
PatchKernel patch commithttps://git.kernel.org/stable/c/9768536f82600a05ce901e31ccfabd92c027ff71
Frequently asked questions
-
What is CVE-2025-40060?
CVE-2025-40060 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.13 onward and has been patched in 5.15.195, 6.1.156, 6.6.112 and others. CVE-2025-40060 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2025-40060?
Yes — CVE-2025-40060 has been patched. Fixed versions include 5.15.195, 6.1.156, 6.6.112 and others. If you are running Linux kernel 5.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2025-40060 actively exploited?
No — CVE-2025-40060 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.