CVE-2025-40059
Description
In the Linux kernel, the following vulnerability has been resolved:
coresight: Fix incorrect handling for return value of devm_kzalloc
The return value of devm_kzalloc could be a null pointer; use "!desc.pdata" to fix the incorrect handling of the return value of devm_kzalloc.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null-pointer dereference in the Linux kernel's Coresight driver, caused by incorrect handling of the devm_kzalloc return value, leads to system instability under low-memory conditions.
Vulnerability
Analysis of CVE-2025-40059
The vulnerability exists in the Linux kernel's Coresight subsystem, specifically in the handling of memory allocation via devm_kzalloc. The fix corrects the check of the return value, replacing an incorrect condition with !desc.pdata to properly detect a null pointer returned by devm_kzalloc [1]. This is a classic null-pointer dereference bug: after a failed memory allocation (out-of-memory condition), the driver proceeds with a null pointer, potentially leading to a crash or unpredictable behavior.
Exploitation requires the ability to trigger memory pressure in the kernel such that devm_kzalloc fails. This is a local condition; an attacker with low privileges could potentially cause memory exhaustion, e.g., by triggering numerous memory allocations or exhausting the kmem cache. The attack surface is limited to systems where the Coresight driver is loaded, typically hardware that implements the ARM CoreSight debug and trace architecture [1]. No special permissions beyond local access and the ability to influence system memory usage are required.
The impact of successful exploitation is a kernel null-pointer dereference, leading to a system crash (kernel panic) or denial of service. This could be leveraged to cause significant disruption, especially in embedded or real-time systems that use CoreSight for debugging. The vulnerability is fixed in the Linux kernel stable repository [1]; users should update to a kernel version containing the referenced commit. There is no known workaround other than ensuring adequate memory or using memory cgroups to prevent local memory exhaustion.
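The failure mode described above, modelled in userspace C as an added example (not the kernel's code and not the fix commit). It assumes the incorrect condition was an error-pointer check, which the page does not state; `is_err`, `model_kzalloc`, `struct pdata` and the `probe_*` functions are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the kernel's error-pointer test (include/linux/err.h):
 * only the top MAX_ERRNO addresses count as encoded -errno values. */
#define MAX_ERRNO 4095
static bool is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical stand-in for devm_kzalloc(): NULL on failure, never an error pointer. */
static void *model_kzalloc(size_t n, bool simulate_oom)
{
    return simulate_oom ? NULL : calloc(1, n);
}

struct pdata { int cpu; };                 /* hypothetical platform data */
enum outcome { PROBE_OK, PROBE_ENOMEM, PROBE_NULL_DEREF };

/* Assumed "before" shape: an error-pointer check that NULL slips past. */
static enum outcome probe_err_ptr_check(bool oom)
{
    struct pdata *pdata = model_kzalloc(sizeof(*pdata), oom);
    if (is_err(pdata))
        return PROBE_ENOMEM;               /* never taken for NULL */
    if (!pdata)
        return PROBE_NULL_DEREF;           /* model only: report instead of crashing */
    pdata->cpu = 0;
    free(pdata);
    return PROBE_OK;
}

/* "After" shape, matching the fix's "!desc.pdata" test. */
static enum outcome probe_null_check(bool oom)
{
    struct pdata *pdata = model_kzalloc(sizeof(*pdata), oom);
    if (!pdata)
        return PROBE_ENOMEM;               /* allocation failure handled */
    pdata->cpu = 0;
    free(pdata);
    return PROBE_OK;
}

int main(void)
{
    printf("OOM: err-ptr check=%d, NULL check=%d\n",
           probe_err_ptr_check(true), probe_null_check(true));
    return 0;
}
```

In the model the missed failure is reported as `PROBE_NULL_DEREF` rather than actually dereferencing the null pointer, so the program can show both paths without crashing.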
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 3
70714eb7243e, 8c4e7e646d5d, 9688b66d0a5e
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 3
News mentions: 0
No linked articles in our index yet.