← Back
2025-10-28 11:48CVE-2025-40060Linux
PUBLISHED5.1

coresight: trbe: Return NULL pointer for allocation failures

In the Linux kernel, the following vulnerability has been resolved:

coresight: trbe: Return NULL pointer for allocation failures

When the TRBE driver fails to allocate a buffer, it currently returns

the error code "-ENOMEM". However, the caller etm_setup_aux() only

checks for a NULL pointer, so it misses the error. As a result, the

driver continues and eventually causes a kernel panic.

Fix this by returning a NULL pointer from arm_trbe_alloc_buffer() on

allocation failures. This allows that the callers can properly handle

the failure.

Affected products

Linux

Linux

< cef047e0a55cb07906fcaae99170f19a9c0bb6c2 - AFFECTED

< fe53a726d5edf864e80b490780cc135fc1adece9 - AFFECTED

< 9768536f82600a05ce901e31ccfabd92c027ff71 - AFFECTED

< 296da78494633e1ab5e2e74173a9c8683b04aa6b - AFFECTED

< f505a165f1c7cd37b4cb6952042a5984693a4067 - AFFECTED

< 8a55c161f7f9c1aa1c70611b39830d51c83ef36d - AFFECTED

Linux

5.13 - AFFECTED

< 5.13 - UNAFFECTED

<= 5.15.* - UNAFFECTED

<= 6.1.* - UNAFFECTED

<= 6.6.* - UNAFFECTED

<= 6.12.* - UNAFFECTED

<= 6.17.* - UNAFFECTED

<= * - UNAFFECTED

References

git.kernel.org

https://git.kernel.org/stable/c/cef047e0a55cb07906fcaae99170f19a9c0bb6c2

git.kernel.org

https://git.kernel.org/stable/c/fe53a726d5edf864e80b490780cc135fc1adece9

git.kernel.org

https://git.kernel.org/stable/c/9768536f82600a05ce901e31ccfabd92c027ff71

git.kernel.org

https://git.kernel.org/stable/c/296da78494633e1ab5e2e74173a9c8683b04aa6b

git.kernel.org

https://git.kernel.org/stable/c/f505a165f1c7cd37b4cb6952042a5984693a4067

git.kernel.org

https://git.kernel.org/stable/c/8a55c161f7f9c1aa1c70611b39830d51c83ef36d

GitHub Security Advisories

GHSA-8w6p-wg52-cjgx

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL...

https://github.com/advisories/GHSA-8w6p-wg52-cjgx

In the Linux kernel, the following vulnerability has been resolved:

coresight: trbe: Return NULL pointer for allocation failures

When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etm_setup_aux() only checks for a NULL pointer, so it misses the error. As a result, the driver continues and eventually causes a kernel panic.

Fix this by returning a NULL pointer from arm_trbe_alloc_buffer() on allocation failures. This allows that the callers can properly handle the failure.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-40060

git.kernel.org

https://git.kernel.org/stable/c/296da78494633e1ab5e2e74173a9c8683b04aa6b

git.kernel.org

https://git.kernel.org/stable/c/8a55c161f7f9c1aa1c70611b39830d51c83ef36d

git.kernel.org

https://git.kernel.org/stable/c/9768536f82600a05ce901e31ccfabd92c027ff71

git.kernel.org

https://git.kernel.org/stable/c/cef047e0a55cb07906fcaae99170f19a9c0bb6c2

git.kernel.org

https://git.kernel.org/stable/c/f505a165f1c7cd37b4cb6952042a5984693a4067

git.kernel.org

https://git.kernel.org/stable/c/fe53a726d5edf864e80b490780cc135fc1adece9

github.com

https://github.com/advisories/GHSA-8w6p-wg52-cjgx

JSON source

Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "cveMetadata": {
    "cveId": "CVE-2025-40060",
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "dateUpdated": "2025-10-28T11:48:32.775Z",
    "dateReserved": "2025-04-16T07:20:57.158Z",
    "datePublished": "2025-10-28T11:48:32.775Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux",
        "dateUpdated": "2025-10-28T11:48:32.775Z"
      },
      "title": "coresight: trbe: Return NULL pointer for allocation failures",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure."
        }
      ],
      "affected": [
        {
          "vendor": "Linux",
          "product": "Linux",
          "programFiles": [
            "drivers/hwtracing/coresight/coresight-trbe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "3fbf7f011f2426dac8c982f1d2ef469a7959a524",
              "status": "affected",
              "versionType": "git",
              "lessThan": "cef047e0a55cb07906fcaae99170f19a9c0bb6c2"
            },
            {
              "version": "3fbf7f011f2426dac8c982f1d2ef469a7959a524",
              "status": "affected",
              "versionType": "git",
              "lessThan": "fe53a726d5edf864e80b490780cc135fc1adece9"
            },
            {
              "version": "3fbf7f011f2426dac8c982f1d2ef469a7959a524",
              "status": "affected",
              "versionType": "git",
              "lessThan": "9768536f82600a05ce901e31ccfabd92c027ff71"
            },
            {
              "version": "3fbf7f011f2426dac8c982f1d2ef469a7959a524",
              "status": "affected",
              "versionType": "git",
              "lessThan": "296da78494633e1ab5e2e74173a9c8683b04aa6b"
            },
            {
              "version": "3fbf7f011f2426dac8c982f1d2ef469a7959a524",
              "status": "affected",
              "versionType": "git",
              "lessThan": "f505a165f1c7cd37b4cb6952042a5984693a4067"
            },
            {
              "version": "3fbf7f011f2426dac8c982f1d2ef469a7959a524",
              "status": "affected",
              "versionType": "git",
              "lessThan": "8a55c161f7f9c1aa1c70611b39830d51c83ef36d"
            }
          ]
        },
        {
          "vendor": "Linux",
          "product": "Linux",
          "programFiles": [
            "drivers/hwtracing/coresight/coresight-trbe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "5.13",
              "status": "affected"
            },
            {
              "version": "0",
              "status": "unaffected",
              "versionType": "semver",
              "lessThan": "5.13"
            },
            {
              "version": "5.15.195",
              "status": "unaffected",
              "versionType": "semver",
              "lessThanOrEqual": "5.15.*"
            },
            {
              "version": "6.1.156",
              "status": "unaffected",
              "versionType": "semver",
              "lessThanOrEqual": "6.1.*"
            },
            {
              "version": "6.6.112",
              "status": "unaffected",
              "versionType": "semver",
              "lessThanOrEqual": "6.6.*"
            },
            {
              "version": "6.12.53",
              "status": "unaffected",
              "versionType": "semver",
              "lessThanOrEqual": "6.12.*"
            },
            {
              "version": "6.17.3",
              "status": "unaffected",
              "versionType": "semver",
              "lessThanOrEqual": "6.17.*"
            },
            {
              "version": "6.18-rc1",
              "status": "unaffected",
              "versionType": "original_commit_for_fix",
              "lessThanOrEqual": "*"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cef047e0a55cb07906fcaae99170f19a9c0bb6c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe53a726d5edf864e80b490780cc135fc1adece9"
        },
        {
          "url": "https://git.kernel.org/stable/c/9768536f82600a05ce901e31ccfabd92c027ff71"
        },
        {
          "url": "https://git.kernel.org/stable/c/296da78494633e1ab5e2e74173a9c8683b04aa6b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f505a165f1c7cd37b4cb6952042a5984693a4067"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a55c161f7f9c1aa1c70611b39830d51c83ef36d"
        }
      ]
    }
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-40060