Primary

Context

Linux Kernel Coresight Component Improper Return Value Handling Vulnerability

Vulnerability

Patched

A vulnerability exists in the Linux kernel's handling of return values from the devm_kzalloc function within the Coresight TRBE driver. The issue arises because devm_kzalloc can return a null pointer, leading to potential null pointer dereferences. This vulnerability affects the stable versions of the Linux kernel.

Impact

The vulnerability could lead to null pointer dereferences, causing potential crashes or undefined behavior in the Coresight TRBE driver.

Reproduction

The vulnerability can be reproduced by loading the Coresight TRBE driver in a stable version of the Linux kernel. The driver will incorrectly handle a null pointer return from the devm_kzalloc function, which can lead to a null pointer dereference.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Oct 28, 2025, 12:45 PM

Updated: Oct 28, 2025, 12:45 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

0.8

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

7.7

relevance

0.8

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Coresight Component Improper Return Value Handling Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating