CVE-2025-40262
Description
In the Linux kernel, the following vulnerability has been resolved:
Input: imx_sc_key - fix memory corruption on unload
This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_action() function is called. Remove the &.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A one-character typo in imx_sc_key driver passes stack address instead of pointer, causing memory corruption on unload.
Vulnerability
Details
CVE-2025-40262 is a memory corruption vulnerability in the Linux kernel's imx_sc_key input driver, introduced by a trivial but dangerous coding mistake. The driver's remove function incorrectly passes the address of the local priv pointer (&priv) to a cleanup call, rather than the pointer itself. This means the kernel writes to a location on the call stack instead of the actual driver-private data structure, leading to stack memory corruption when imx_sc_key_action() is invoked.
Exploitation
Context
The vulnerability is triggered during normal driver unload (module removal or device unbind). No special privileges or authentication are required beyond having the imx_sc_key driver loaded and being able to trigger its removal. Because the corruption occurs on the kernel stack, it can corrupt return addresses and other critical stack data, potentially allowing an attacker to control execution flow. The bug is a classic example of a use-after-free or stack buffer overflow in disguise: the freed priv pointer is never used, but the address-of operator causes the kernel to write to an unintended stack location.
Impact
Successful exploitation could lead to a denial of service (kernel crash) or, in more sophisticated scenarios, arbitrary code execution with kernel privileges. Since the corruption happens during driver removal, a local attacker who can force repeated load/unload cycles might escalate privileges. The vulnerability was introduced when the code was written and affects all kernel versions containing the faulty patch. It has been assigned a CVSS score based on the ability to corrupt kernel memory; however, practical exploitation requires precise control over the stack layout.
Mitigation
Patches are available in the Linux kernel stable tree (commit references [1], [2], [3]). Users should update to a kernel version that includes the fix, which simply removes the ampersand to pass the correct pointer. No workarounds are known other than not loading or unloading the affected driver. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
73e96803b169d4ce5218b1012a155292c3ce7ca9a08de9b2956881294915a6524a15d3395d83f1512758fVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- git.kernel.org/stable/c/3e96803b169dc948847f0fc2bae729a80914eb7bnvd
- git.kernel.org/stable/c/4ce5218b101205b3425099fe3df88a61b58f9cc2nvd
- git.kernel.org/stable/c/56881294915a6e866d31a46f9bcb5e19167cfbaanvd
- git.kernel.org/stable/c/6524a15d33951b18ac408ebbcb9c16e14e21c336nvd
- git.kernel.org/stable/c/a155292c3ce722036014da5477ee0e4c87b5e6b3nvd
- git.kernel.org/stable/c/ca9a08de9b294422376f47ade323d69590dbc6f2nvd
- git.kernel.org/stable/c/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4nvd
News mentions
0No linked articles in our index yet.